ENHANCED SYSTEM, METHOD AND MEDIUM FOR CERTIFYING AND ACCREDITING REQUIREMENTS COMPLIANCE UTILIZING CONTINUOUS RISK ASSESSMENT

摘要

A computer-assisted system, medium and method of providing a risk assessment of a target system. The method includes electronically scanning, on a predetermined basis, hardware and/or software characteristics of components within a target system to obtain and store target system configuration information (100), receiving and storing target system operational environment information, using information collected in the scanning and receiving steps to select one or more security requirements (102) in accordance with the at least one predefined standard, regulation and/or requirement, selecting one or more test procedures (104) used to determine target system compliance with the security requirements, and producing a risk assessment of the target system (108).