Coeus Cloud
Why choose Coeus?
The goal of Coeus is to ensure your website complies with government and commercial security standards. Our reports let you check for compliance with the click of a button. In one instance, six compliance dashboard features are automatically generated in a report on the security and configuration of your email or website domain; the report helps you understand what each security feature means and indicates areas for improvement. While email and website domain checks are free to the public through our Basic package, you can sign up to receive enhanced security features.
Upgrade to our Silver, Business, or Enterprise package and you could receive multiple domain scans, DNS zone upload, saved searches, DMARC Ingest on one domain, along with FISMA and CSV exports. Best of all, you will gain access to individual user accounts where you can set up automated monthly email reports based on your pre-selected security criteria and desired domains. This customizable and automated feature will help you continuously monitor for compliance and provide you with peace of mind.
Key features of Coeus:
- Verify domain ownership with DNS records through our Edge feature
- Customizable dashboard
- Compliance app shows a custom profile and domains that are tracked
- Monthly report automation
- Analyzed phishing reports emailed per domain
- Individual user profiles
Coeus will check:
HTTPS: “OMB Memorandum M-15-13 … requires that all publicly accessible Federal websites and web services only provide service through a secure connection (HTTPS).”
This test checks for a valid SSL or TLS certificate using the Requests library. If the certificate cannot be verified, an SSLError is thrown and the domain fails. If the end host allows an insecure HTTP connection, this will also fail.
HTTPS is only tested for domains that serve web content on ports 80 or 443. If there are any redirects, only the end host is checked, because it is compliant for an HTTP request to be redirected to a secure (HTTPS) host.
SPF: This test checks for a DNS TXT record that is properly formatted for SPF. If no such record exists, or if it is incorrect, it fails. Only domains with MX servers will be tested for SPF compliance.
DNSSEC: This test validates the DNS chain of trust. If a signed DNS record cannot be verified, it fails. If there is no signed DNS record, it also fails. All domains are tested for DNSSEC compliance.
DMARC: An email authentication protocol designed to ensure the authenticity of the sender’s identity.
SSL: This standard security protocol is tested to ensure data encryption between the web server and browser.
IPv6: IPv6 is the most recent version of the Internet Protocol, to which agencies are required to upgrade public/external facing servers and services.
This test first connects to the domain with IPv4 and IPv6, then compares the content. If the content is identical, then it is IPv6 compliant. If the content doesn’t match or an IPv6 connection cannot be made, it fails.
HSTS: "Websites and services available over HTTPS must enable HTTP Strict Transport Security (HSTS) to instruct compliant browsers to assume HTTPS going forward."
This test checks for a strict-transport-security header with a max-age of more than zero. If the header is missing, or max-age is zero, it fails. If SSL failed, this test also fails. If a domain does not serve web content, HSTS is not applicable and therefore not tested.
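The HSTS rules above can be expressed as a small offline check. This is an added example, not Coeus code: the function names and sample headers are constructed for illustration, and treating a malformed header or a repeated directive as a failure is an assumption based on RFC 6797, not something the page states.

```python
import re

# Characters allowed in a directive name (HTTP "token").
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: value}.
    Returns None if malformed. Simplification: assumes no ';' inside
    quoted values."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                      # empty directives ("a;;b") are allowed
            continue
        name, sep, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()
        if not _TOKEN.match(name) or name in directives:
            return None                   # bad name, or a directive repeated
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]               # quoted form, e.g. max-age="600"
        directives[name] = val if sep else None
    return directives

def hsts_check(headers, serves_web=True, ssl_passed=True):
    """Return 'n/a', 'pass' or 'fail' following the rules described above."""
    if not serves_web:
        return "n/a"                      # no web content: HSTS not applicable
    if not ssl_passed:
        return "fail"                     # a failed SSL test fails HSTS too
    # Header names are case-insensitive, so match on the lowercased name.
    raw = next((v for k, v in headers.items()
                if k.lower() == "strict-transport-security"), None)
    parsed = parse_hsts(raw) if raw is not None else None
    if parsed is None:
        return "fail"                     # header missing or malformed
    max_age = parsed.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return "fail"                     # max-age absent or not a number
    return "pass" if int(max_age) > 0 else "fail"

if __name__ == "__main__":
    # Constructed sample response headers, not taken from any real scan.
    for sample in ({"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
                   {"Strict-Transport-Security": "max-age=0"},
                   {"Content-Type": "text/html"}):
        print(sample, "->", hsts_check(sample))
```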
MX: This test detects any Mail Exchange servers. This does not affect overall score.
DKIM: Testing this will verify domain name identity and check that an email was sent and authorized by the owner of that domain.