Maintaining secure and compliant federal networks with accurate configuration assessment

Helping to deliver on the Executive Order to enhance US national cybersecurity and improve the protection of federal networks, cybersecurity teams across 30+ US agencies use Nipper to test configurations and improve the security and compliance posture of federal networks.

As the configuration of networks is critical to protecting the confidentiality, integrity and availability (CIA) of the most sensitive federal data, systems, and services, it needs to be assessed and validated regularly. That is why Nipper is a trusted component in the vulnerability management toolsets of 30+ federal agencies, helping them assess firewalls, switches and routers to detect critical misconfigurations.

The software also provides agencies with risk mitigation advice and device-specific technical fixes to improve mean time to remediate. Nipper can then be used to track when vulnerabilities have been remediated, providing an up-to-date view of the security and compliance posture of the agency to ensure skilled network resources are used to best effect. Users can also assess their performance against benchmarks and controls, such as NIST SP 800-53, to evidence compliance against the CDM Asset Management Capability, and specifically the Configuration Settings Management (CSM) and Vulnerability Management (VUL) capabilities.

With Nipper Enterprise, agencies are now able to continuously assess network security on an up-to-hourly basis and have a roadmap to playbook-controlled remediation of identified misconfigurations.

Critical risk remediation prioritization:

  • Misconfigurations detected and assessed for
    • impact to the network if exploited,
    • ease of exploitation, and
    • ease and time to fix
  • Device-specific remediation advice and command-line fixes
  • Daily configuration drift monitoring

Security and compliance assurance:

  • Assure compliance for FISMA, HIPAA, NIST, DISA RMF, CDM, CMMC and PCI DSS
  • Reduce audit times by up to 80% with evidence of compliance
  • Assessor-ready reports of compliance with:
    • 94% of NIST 800-53 network controls
    • 89% of CMMC network practices to evidence SCRM
    • 94% of PCI DSS network device procedures
    • STIGs

Continuous misconfiguration detection and response:

  • Continuous visibility of misconfigurations and vulnerabilities
  • Strategic, real-time prioritization of risk and remediation
  • Dashboards and reports of security and compliance posture
  • Roadmap to playbook-controlled auto-remediation

Supply Chain Risk Management

Federal contractors are increasingly obligated to identify, assess and mitigate supply chain-related security threats. Aligning to federal government supply chain security efforts, even when not mandated, demonstrates that they can protect their government customers, as well as themselves, from threat actors. Nipper can be used to automate the assessment of firewalls, switches and routers for a range of risk management frameworks and security standards, including NIST 800-53, NIST 800-171 and CMMC, cutting audit times by up to 80% due to its accuracy, and identifying misconfigurations that arise from interdependent settings that other configuration auditing cannot detect.

Nipper automates the compliance assessment of 94% of NIST 800-53 core network controls and 89% of the NIST 800-171 controls related to network devices. And for contractors that intend to voluntarily obtain CMMC certification to verify their cybersecurity standards, Nipper helps demonstrate compliance with 89% of CMMC network security practices across 9 domains.

Independent Research Report: The impact of exploitable misconfigurations on network security within US Federal organizations

This independent survey of senior cybersecurity decision-makers across the US Federal Government, with other US critical national infrastructure sectors (military, oil & gas, telecoms, and financial services) included for comparison purposes, reveals the key challenges that network security teams are facing. It gives insight into how the U.S. Federal Government is currently managing the critical risks associated with misconfigured network devices, namely firewalls, switches and routers.

According to the latest research, an average of 51 network device misconfigurations were discovered within the U.S. Federal Government in the last two years, with 4% deemed to be critical vulnerabilities that could take down the network.

Titania is proven to protect critical infrastructure
