Government Compliance Solutions

Passing compliance and keeping up with government cyber security standards

Keep critical federal information and infrastructure secure and maintain government data reporting standards with our government compliance solutions.

Federal agencies make an enticing target for organized crime and government cyber security terrorists, though the Government Accountability Office cites that 18 of 24 major federal agencies reported inadequate information security controls for reporting. Combined with an ever-increasing number of regulations around IT security, continuously monitoring government cyber security and achieving compliance can seem daunting.

Rapid7 Nexpose is certified according to Common Criteria Evaluation Assurance Level 3 Augmented (CC EAL3+), the highest level available. Rapid7 is also part of a number of government contracts, including GSA, SEWP, ITES, and AFWAY. This means government agencies can be confident that we've met all the rigors of a thorough certification process-but if you'd like a little extra help with getting your FISMA or USGCB compliance program in order, our professional services team can help.

In addition to being a PCI DSS Approved Scanning Vendor (ASV), we passed the Mastercard Site Data Protection (SDP) Vendor Compliance Testing Program, which means our professional services team can help you meet the PCI DSS compliance standards.

Find and Assess The Threats in Your Environment

Find and assess the threats in your environment

Find out precisely what you have in your infrastructure by taking inventory of your physical and virtual assets and scanning them for vulnerabilities with Nexpose. Once Nexpose finds the vulnerabilities in your systems, you can easily prioritize and mitigate the discovered threats as well as map them to IAVA-generated alerts.

Validate and Document The Threats You Discover

Validate and document the threats you discover

Use your resources wisely and concentrate on the most critical threats by validating a vulnerability's exploitability in your systems. In addition to checking for existing exploit kits, Metasploit will give you the contextual risk of discovered vulnerabilities through penetration tests and social engineering. That way you know you're prioritizing highest-risk vulnerabilities first for remediation-and not cluttering up your reports with vulnerabilities that might not pose a risk in your environment.

Perform Audits and Test Regulatory Controls

Perform audits and test regulatory controls

We've provided scans and reports required by several federal regulations in Nexpose to help you perform security audits in line with SCAP guidelines. With built-in report templates, you can easily document that your systems comply with key federal regulations, including FISMA, USGCB and FDCC. In addition, you can automate reporting to CyberScope, so submitting your monthly FISMA metrics is easy and hands-free with our government compliance solution.

Rapid7 Federal Overview

Learn more about Rapid7 and how we work with the federal government

Download Now

Research Report

See the trends around data breaches in the government sector

Download Now

FISMA Compliance Guide

Learn the requirements and steps in becoming FISMA compliant

Download Now