Xacta Corp. has released the Service Pack 2 upgrade to its Xacta Web C&A (for Certification and Accreditation) and Xacta Commerce Trust security risk management products, directed at the government and commercial sectors respectively. Service Pack 2 adds reports to help government agencies meet Federal Information Security Management Act (FISMA) compliance requirements.

For example, the upgrade allows Plan of Action and Milestones reports to be generated on demand, and it automates the generation of agency-level security performance reports, which are required quarterly by the federal Office of Management and Budget. The summary report identifies the total number of systems in each agency, and how many have completed C&A processes and other security objectives.

In addition, of interest to both government and commercial customers, Service Pack 2 offers the Xacta Detect automatic vulnerability scanning update service and incorporates the SANS Top 20 Internet security vulnerabilities information into its knowledge base.

A new centralized administration console improves application control and management of online users.

"The product implements a formal risk management process through an assessment and compliance capability," says David Wilson, vice president of product management and support for Xacta.

One such feature is policy locking and enforcement, which ensures that a test procedure exists for each security requirement, and that follow-up happens to determine whether the organization is in or out of compliance. A risk analysis component enables security analysts to assess the level of risk associated with a flaw.

Xacta Web C&A is priced on a project basis, with a project defined as the boundary around the system that needs protection. For government customers, a single project is typically priced at under $10,000. A commercial customer with 200 IP addresses to protect would pay approximately $30 per device, or $6,000, for Xacta Commerce Trust.