ELECTROSOFT SECURITY WEB AUDIT TOOL (ESWAT)

• Collection, Management, and Reporting of implementation of security controls
• Efficient development of PIV C&A documentation
• Cost-effective monitoring of security control implementation

• Online tool allows Agencies to conduct a formal assessment of IT Systems to determine compliance with Government mandated requirements
• Provides centralized monitoring and enforcement of C&A activities across agencies or organizations that are geographically dispersed
• Easy to use, intuitive, graphical user interface that simplifies the C&A process and provides detailed guidance on how to conduct the necessary activities
• Allows a systematic collection and compilation of information related to IT System requirements based on NIST standards and guidance
• Allows the automated generation of the System Security Plans (SSP), Risk Assessments and System Assessment Reports in MS Word format in a customizable document template
• Allows the automated generation of the Plan of Action and Milestones (POAM) report in a customizable MS Excel format
• Allows consolidation of all C&A data and documentation into a centralized database which can be secured at an organizational level
• Shows the completion statistics of all C&A activities in easy to comprehend drillable charts using the ESWAT Enterprise Dashboard™

• Three-tier Java-based (J2EE) Application: Runs on most popular server operating systems such as Windows and Linux
• Support for simultaneous Users: Maximizes productivity and minimizes time required to complete assessments
• Centralized Data Repository: Enables organizations to consolidate assessment data to a common store
• Logging Capabilities: Allows easy auditing of user activities on the system
• Attachment of Associated Documents: Allows related documents to be saved with an assessment, thus minimizing paperwork
• Browser-based Client : Allows access to ESWAT over network.
• Built-in Assessment Scoring Mechanism : Provides numerical score for an assessment based on customizable weights assigned to various control categories
• Report generation in Microsoft Word: Provides customizable MS Word templates for System Security Plans and assessment reports as well as MS Excel templates for the POAM
• Security Plan and Assessment Comparison: Allows easy comparison of results of two separate SSPs and assessments

• Authentication using username and password
• Support for multiple roles with different privileges
• System Security Plans, Risk Assessments and POAM data is compartmentalized to allow access only to designated users
• Web Sessions between Client (browser) and Server are secured using Secure Sockets Layer (TLS/SSL)