How Can We Help?
< All Topics
Print

Multi System Management (Baseline/Deployment Mgmt)

PostedMarch 6, 2023
UpdatedJanuary 10, 2025
Byjustin
Systems in Ryskview have an Authorization Type. This is one of the following:
 
A & A – Assess & Authorize – This means that the system has its own RMF Authorization effort and is not leveraging an existing Authorization.  This is typical for Enclaves and Major Information Systems (IS).
 
Baseline – This indicates that the System is acting as a baseline, either through “Type” Authorization, or other means. This selection in Ryskview allows other Systems to link themselves as a Deployment (i.e. another instance) of the Baseline System.
 
Deployment – This indicates that the System is linked to a Baseline System for Authorization purposes. Selecting Deployment will require an additional selection of Baseline. Once this is done, then the Deployment will automatically inherit specific attributes such as eMASS ID, Expiration Date, Impact, and Confidentiality, Integrity, Availability values.  A Deployment may be linked to any Baseline System.
(However, in order to view the Baseline data, the Deployment users would need to update permissions.  Likewise, in order for the Baseline System users to see the Deployment System data, they would need to update their permissions as well.)
 

Other than just documenting the Authorization relationship for Baseline/Deployment Systems, Ryskview also gives the capability to compare the security postures of the varying systems from both the Baseline, or Program Management perspective, as well as the Deployed Site perspective.

When looking at the list of Systems, click on the ACTIONS > COMPARE button. This will bring up a page titled Multi System Management. Regardless of whether you click Compare on the Baseline System or a Deployment System, the same information elements will be displayed. However, user permissions will determine exactly what Systems are displayed.

Baseline Profile Columns

Rysk Score– Displays the Rysk Score of the System
Assets– Lists the number of Assets that are part of that System
Last Scan – Date of the most recent scan of at least 1 of the Assets
% Credentialed – Percentage of Assets in the System with credentialed scans on the most recent scan of the System
Unique Vulnerabilities – Number of uniquely identifiable vulnerabilities, regardless of how many times they occur within a System Cumulative Vulnerabilities – Total number of vulnerabilities on a System
Past Due w/o POAM – Total number of vulnerabilities that are past due date and not on a POAM.
% Past Due – Percentage of total vulnerabilities that are past due date
IAVA Past Due w/o POAM – Total number of IAVA vulnerabilities that are past due date and not on a POAM.
POAM Past Due – Number of POAM items that are past due date.

Deployed Systems

The Systems that are linked to the Baseline Systems are listed here.  However, a user will only see those Systems for which he has permissions.
Documents – This will be compliant (green check) if the three required documents have been uploaded into the Deployed System Profile.  These three documents are Architecture Diagram, Hardware/Software List, and Memo of Agreement (MOA).
Scans – This will be compliant if a vulnerability scan has been imported into Ryskview for the System within the previous 30 days.
POAM – This will be compliant if there are no past due POAM items.

Clicking on the VIEW DETAILS button will provide specifics for the Deployed System as shown below.

Document Details provides the specific compliance for each of the three required documents.  

Scan Data provides the same metrics for the Deployed System that are provided for the Baseline System.

POAM Details indicates the number of POAM items that are past due.  

Clicking COMPARE TO BASELINE will provide a vulnerability specific comparison to the Baseline System as shown below.

Deployment to Baseline Comparison

This view is from the perspective of the Deployed System.  It lists all the open vulnerabilities, Scan Data and POAMs, for the Deployed System and provides the status of that same vulnerability for the Baseline System.  If a vulnerability exists on the Baseline System, but not on the Deployed System, then it will not show up in this view.  Below is a chart to help understand the meanings.

Selecting VIEW DETAILS will provide the specific details of the vulnerability on the Baseline System.

 

FAQ: How can a vulnerability show up on a Deployment but not on a Baseline System?

A: There are more than a few ways this can happen.  The specific reason will always become apparent by looking at the vulnerability itself.  Below are a few examples.

1.  An SSL Certificate related vulnerability.  It is possible to have different SSL certificate configurations on Baseline and Deployment.

2. Virtual Server related vulnerability.  If the Deployment is virtualized, an ESXi or VMware related vulnerability may occur. 

3. Configuration related vulnerability.  If the Deployment has certain configurations that are not aligned with the Baseline, such as Autologon Enabled,  a vulnerability may occur.

4. Software related.  If the Deployment has software installed that is not installed on the Baseline, then a vulnerability for the software may occur.

Table of Contents

Contact Us

10411 Motor City Drive
Suite 685
Bethesda, MD 20817

(410) 696-1680

info@ryskview.com

©  Ryskview, LLC