Download
We have migrated development of Sagacity to GitHub at https://github.com/cyberperspectives/sagacity
Sagacity is a vulnerability assessment and STIG compliance data management tool designed to make security testing more efficient, effective and complete.
Security assessments, especially those done for DoD and Federal organizations, produce tremendous amounts of scan and compliance data that security engineers must sort through and deconflict, identify untested requirements, and somehow analyze to communicate risk to their employers. Sagacity, originally written to support a government customer, was designed to fill that need.
What if an organization could turn massive amounts of irreconcilable vulnerability scan data into true knowledge and insight about their networks? They would be able to make wise decisions resulting in cost-effective actions to improve their security with the best return on investment.
Keen insight. Sound judgment. Wise decisions. Sagacity.
Features
- ingest data from Nessus vulnerability and compliance scans, SCC, nmap, MBSA and other automated tools
- correlate data to applicable STIG and IAVM checklists and deconflict data from multiple scan sources
- identify required manual STIG checks for a complete compliance assessment
- provide an efficient spreadsheet format for conducting manual tests and reporting compliance data
- track assessed hosts, applicable STIGs, OS's, installed software, missing patches, network services and more
- security assessment task tracking to ensure a complete and thorough test
- a searchable database of STIGs, IAVMs, CVE, vendor advisories and RMF CCI information.
Project Samples
