Xacta by Telos Corporation

Additional Info

CompanyTelos Corporation
Company size (employees)500 to 999
Type of solutionHybrid


In 2000, Telos first introduced Xacta, revolutionizing security compliance for government agencies by automating IT risk management processes and reporting. Xacta was the first product of its kind and is even recognized by industry analysts as the catalyst for the IT Governance, Risk and Compliance (GRC) industry. Each iteration of the solution has successfully anticipated evolving customer requirements. Integrated with both the Amazon Web Services (AWS) and Azure clouds, Xacta provides cloud customers with automation that is critical for gathering, organizing and operationalizing the data needed to continuously manage cyber risk for regulated and non-regulated industries alike.

Most recently, Telos released Xacta.io, praised as the next generation of cyber risk management. Xacta.io provides cyber risk and compliance analytics while enabling streaming and persistent data sources for plentiful and accessible vulnerability and compliance metrics. It also creates a complete view of a company’s risk posture by drawing data at scale from third-party solutions. By marrying innovation with real-world problem solving, Xacta has been implemented within the federal government, across civilian, defense and intelligence agencies.

Xacta has received many positive reviews via Gartner’s Peer Insights platform, most notably how “Xacta has grown into other products but has stayed true to the functionality it has provided for years.”

How we are different

Testifying to Telos’ technological superiority over its competitors, companies like IronNet Cybersecurity, a company founded by General (Ret) Keith Alexander, and SaaS platform CloudCheckr, looked to the company and its innovative Xacta product to help automate FedRAMP documentation and even achieve FedRAMP Ready status. Telos also forged multiple partnerships and won contracts to deploy Xacta, including with the U.S. Air Force, a partnership with Splunk, stackArmor, and AWS on FASTTR, and ST Engineering (throughout Asia and the Middle East), further validating its success.
The latest iterations of Xacta have been praised as the next generation of cyber risk management. Xacta.io 1.7 offers a controls crosswalk feature that enables automated control mapping to support compliance with multiple IT regulatory compliance management frameworks in on-premises, cloud and hybrid environments. This builds on Xacta.io’s current capabilities, which already provides a unique Predictive Mapping feature that automatically maps vulnerability scanning and testing results to a control’s compliance status.
Xacta 360 1.7 introduced Essential Data Exchange (EDE), a capability that supports a variety of standards that automate the sharing of compliance data among organizations and applications for more efficient, less laborious compliance management, reporting and audit collaboration. EDE currently supports three compliance data-sharing standards: NIST’s Open Security Controls Assessment Language (OSCAL) standard, which has been adopted by the FedRAMP cloud compliance program; BoE.xml, used by the Intelligence Community; and Xacta Data Exchange (XDE), used for audit collaboration. These data-sharing capabilities allow users to collaborate on cyber risk and compliance management activities more efficiently and accelerate reciprocity when submitting security packages, performing assessments and audits, and transferring crucial body of evidence data in a tool-agnostic format.