Vendor Provided Validation Details - Triumfant Resolution Manager 4.3

The following text was provided by the vendor during testing to describe how the product implements the specific capabilities.

Statement of FDCC Implementation

Triumfant¡¯s Resolution Manager does not require any changes to the FDCC settings in order to install or operate the tool.

Statement of SCAP Implementation

Triumfant Resolution Manager is based on an extremely powerful data collection and analysis platform that can leverage security content expressed using the six standards that comprise the Security Content Automation Protocol (SCAP). The product is designed around a philosophy of continuous compliance management rather than periodic assessments that can leave an organization vulnerable for months at a time. Triumfant Resolution Manager allows security benchmarks defined using XCCDF and OVAL protocols to be validated and imported. Once such a benchmark is resident within the system, it can be automatically applied to any set of target computers on a schedule determined by the administrator. The results are collected and analyzed on a daily basis and any non compliant items can be remediated automatically by launching responses that are synthesized on the fly. Because the results reside in a central database, they can be viewed at any time using a web based user interface or in the form of various reports. The results are expressed using CVE identifiers for vulnerabilities, CCE identifiers for configuration items, CVSS information for scoring, and CPE compliant names for platforms and products.

Statement of CVE Implementation

Triumfant Resolution Manager is capable of assessing vulnerabilities on every computer in an organization, every day. This assessment is typically based on SCAP content that is automatically downloaded and executed by the Resolution Manager agent to directly detect vulnerable software components. Resolution Manager is also capable of identifying the security patches installed on each computer and determining if any security patches are missing.  An explanation field is provided for each missing security patch that maps the patch to the vulnerabilities that the patch is intended to address. All vulnerabilities detected by Resolution Manager include references to the appropriate Common Vulnerabilities and Exposures (CVE) identifiers.  The CVE identifiers are visible via the product¡¯s user interface and include links to the National Vulnerability Database (NVD), a government repository of standards based vulnerability management data.  These links provide easy access to additional information and references associated with each of the vulnerabilities. The CVE identifiers and their descriptions also appear in certain human-readable reports produced by Resolution Manager.

Statement of CCE Implementation

Triumfant Resolution Manager is capable of routinely collecting a massive amount of detailed computer state information.  This information is stored in a relational database enabling continuous access to the state of virtually any configuration item.  Resolution Manager uses Common Configuration Enumeration (CCE) format to identify and describe configuration items when applicable.  CCE identifiers and descriptions for configuration items are visible from the product¡¯s user interface and are included in various human and machine-readable report formats.  The reporting capability is extremely flexible and allows assessment results to be organized by computer or by CCE.  Various built in style sheets allow CCE data to be displayed in verbose formats that include explanations of each CCE and summary forms that show only the CCE identifier and the associated result.  Triumfant Resolution Manager is capable of enforcing security configuration policies by remediating any configuration items that are found to be non-compliant.  Continuous assessment and management of security configuration items minimizes the overall attack surface of a computing environment while enhancing situational awareness.

Statement of CPE Implementation

Triumfant Resolution Manager includes support for the Common Platform Enumeration (CPE) naming scheme. The SCAP content used by Resolution Manager when performing security audits and/or vulnerability assessments typically includes standardized software inventory definitions that allow the Resolution Manager agent to identify the platform and applications installed on the target computer by CPE identifier.  This CPE information is used to determine if the tests included in the SCAP content are relevant to the platform and applications being assessed. If the CPE requirements for a test are not met by the CPE inventory found on the target computer, then associated test is aborted and an appropriate error message is generated. When SCAP content includes inventory definitions, then the results produced when those inventory definitions are executed can be included in the machine-readable output reports generated by Triumfant Resolution Manager.  As part of its daily scan Resolution Manager collects an inventory of all applications installed on each machine.  This information is stored in the Resolution Manager database and includes the CPE identifier for each application found.

Statement of CVSS Implementation

Triumfant Resolution Manager provides references to the National Vulnerability Database (NVD) for each of the vulnerabilities that it detects.  These references are implemented within the user interface as web links that provide access to Common Vulnerability Scoring System (CVSS) information including CVSS vectors and CVSS base scores.  CVSS information is also embedded in the recognition filters that Resolution Manager uses to interpret SCAP results.  This means that the CVSS base score, the CVSS vector string, the CVSS Impact Subscore, and the CVSS Exploitability Subscore for each vulnerability are available to be viewed even when a connection to the NVD is not possible.  Currently Triumfant Resolution Manager uses a flat scoring model that is compatible with CVSS.  Scores are computed for the benchmarks applied to each computer and these scores are provided in both human-readable and machine-readable report formats.  These report formats include detailed presentations that provide the scores for each individual test as well as summary presentations that show consolidated scores for groups of computers and scoring trends over time.

Statement of OVAL Implementation  

Triumfant Resolution Manager fully supports the use of Open Vulnerability and Assessment Language (OVAL) to define the method for assessing a given configuration item. When the product imports an SCAP benchmark, it validates and imports the OVAL definition files for the configuration items and patches referenced by that benchmark. The contents of each valid OVAL file are stored in the system database and can be viewed from the Administrative console along with other relevant information such as the date generated, date imported, and schema version. OVAL files can be distributed to groups of computers automatically and can also be updated or deleted automatically. OVAL based assessments can be scheduled to execute daily, enabling compliance to be managed on a continuous basis. OVAL results are automatically collected each time an assessment is executed and are combined with the information in the appropriate XCCDF profile to produce both machine readable and human readable compliance reports.

Statement of XCCDF Implementation  

Triumfant Resolution Manager provides the ability to import and process security benchmarks defined using eXtensible Configuration Checklist Description Format (XCCDF). The product can identify, validate, and import XCCDF benchmarks from a designated location. This includes automatically importing any dependent files referenced by the XCCDF benchmark such as OVAL definition files. Once a benchmark has been imported, its contents can be viewed from the Administrative console along with other relevant information such as the title, platform, date generated, date imported, and version. XCCDF benchmarks can be automatically applied to groups of computers or a single computer either on a routine basis or on demand. The results from an XCCDF benchmark can then be viewed via the user interface and/or exported in the form of a human-readable or machine-readable report. The human-readable reports can be arranged to display results by computer or by rule ID and can display all rules that were evaluated or only those that were non-compliant. The machine-readable report can be produced in XCCDF format and provides the ability to inject organization information and overrides.