FISMA News
Core Security Endorses New Federal Information Security Guidelines
(July 01, 2008) -- Core Security Technologies today announced that CORE IMPACT, the most comprehensive product for proactive security testing, can be used to help U.S. federal agencies comply with the new information security assessment guidelines outlined by the National Institute of Standards and Technology (NIST). NIST Special Publication 800-53A, Appendix G (http://csrc.nist.gov) advocates the use of penetration testing technology by all federal agencies as a key component of an effective security assessment plan.
"It's great to see the federal government taking steps to ensure that penetration testing is widely used as a method of assessing real-world risks,” said Robert Maley, chief information security officer for the Commonwealth of Pennsylvania. “Gaining a comprehensive view of vulnerabilities across an organization's security infrastructure is an important step in enhancing the security posture of our federal agencies. Pennsylvania has been using CORE IMPACT for some time as a critical component of our security assurance program."
Appendix G outlines best practices for implementing a penetration testing program to accurately identify and speed the remediation of information system weaknesses, thereby helping these agencies meet the Federal Information Security Management Act (FISMA) compliance requirements. According to the publication, an effective penetration test provides organizations the ability to …
* provide explicit proof of actual risks and detail the level of effort an adversary would need to expend in order to cause harm to the organization’s operations and assets;
* test for incorrect system configurations, trust relationships between organizations, and architectural weaknesses within the target environment; and,
* reproduce a detailed log and/or audit trail of all the activities performed during the security test.
To validate security measures and meet regulatory compliance requirements, government agencies have increasingly turned to CORE IMPACT to regularly test their security defenses against real threats. By automating previously manual, time-consuming and expensive tests, CORE IMPACT considerably shortens the penetration testing process and helps agencies to safely prove the effectiveness of their security investments. The product generates comprehensive reports that can be easily customized and shared with auditors and other parts of the organization.
“CORE IMPACT enables organizations to easily follow the NIST guidelines and integrate penetration testing seamlessly into their ongoing security practices,” said Tom Kellermann, vice president of security awareness at Core Security Technologies. “IMPACT arms IT professionals with an award-winning product to diagnose real exposures and provide the critical information they need to defend themselves against security vulnerabilities, all the while fostering an effective regulatory compliance strategy.”
Core Security Technologies can be reached at 617-399-6980 or on the Web at http://www.coresecurity.com.