nCircle Products Now Support U.S. DoD Vulnerability Alerts

Share Article

Recent Lift of Usage Restriction on Government IAVA Vulnerability Data Enables Commercial Vendors to Provide Compliance Support

“This is really good news for DoD, other agencies and contractors needing to comply with IAVM notices,” says Keren Cummins, director of federal markets for nCircle.

nCircle, the leader in automated security and compliance auditing solutions, today announced full Department of Defense (DoD) Information Assurance Vulnerability Management (IAVM) support now available in its IP360 vulnerability management solution.

Previously using “For Official Use Only (FOUO)” information, the IAVM Program which is jointly managed by U.S. Cyber Command and the Defense Information Systems Agency (DISA) notifies Combatant Commands, Services, and Agencies (CC/S/A) about vulnerability alerts and mitigation measures. These notices include information about the mitigation of vulnerabilities, malicious code, and other threats to the DoD. The IAVM program recently changed the information classification of IAVM vulnerability data from ‘for official use only’ to ‘unclassified,’ allowing commercial vendors who support DoD and other security programs to incorporate this information into their commercial products.

This new layer of commercial vendor support will enable a greater level of collaboration between industry, U.S. federal and DoD security efforts in the vulnerability management arena and will significantly assist agencies in monitoring and meeting IAVM compliance requirements.

One of the first vendors to respond, nCircle now offers complete support for all IAVM vulnerability data in its IP360 Vulnerability Management product just two weeks after the IAVM data classification changed. This includes support for all IAVA (Alerts), IAVB (Bulletins), and TA (Technical Advisories) vulnerability data that have been published by DISA from 2005 to 2011. Over time, nCircle will be publishing IAVM updates within days of new data being released by DISA.

“This is really good news for DoD, other agencies and contractors needing to comply with IAVM notices,” says Keren Cummins, director of federal markets for nCircle. “IAVA support provides a highly automated way for agencies using nCircle solutions to demonstrate compliance to DoD policy around rapid remediation of vulnerabilities that have received an IAVM designation.”

In addition to nCircle IP360’s powerful features such as agentless scanning, enterprise scalability and continuous monitoring, nCircle has activated an IAVA Compliance Module that provides specific reporting on IAVM vulnerabilities using a filtering capability, enabling federal and DoD customers to report on IAVM vulnerabilities specifically and with ease. For more information about nCircle IP360 and the IAVA Compliance Module, contact

About nCircle Suite360
nCircle provides the world's most comprehensive suite of solutions for agentless security and configuration auditing of physical and virtual IT environments. nCircle's solutions combine the broadest discovery of networked systems and their operating systems, applications, vulnerabilities and configurations with advanced analytics to help enterprises reduce security risk and achieve compliance.

nCircle's solutions include IP360™ for vulnerability management, WebApp360™ for web application vulnerability auditing, Configuration Compliance Manager™ (CCM) for configuration auditing and file integrity monitoring, Certified PCI Scan Service™ for on-demand self-service PCI scanning, and Suite360 Intelligence Hub™ for IT governance, risk and compliance (ITGRC) reporting and analytics.

About nCircle
nCircle is the leading provider of automated security and compliance auditing solutions. More than 5,500 enterprises, government agencies and service providers around the world rely on nCircle's proactive solutions to manage and reduce security risk and achieve compliance on their networks. nCircle has won numerous awards for growth, innovation, customer satisfaction and technology leadership and has been ranked among the top 100 best places to work in the San Francisco Bay Area. nCircle is headquartered in San Francisco, CA, with regional offices throughout the United States and in London and Toronto. Additional information about nCircle is available at

nCircle is a registered trademark of nCircle Network Security, Inc. All other registered or unregistered trademarks are the sole property of their respective owners.


Share article on social media or email:

View article via:

Pdf Print

Contact Author

Courtney Beveridge