Penetration testing requirements for NIST SP 800-53

Year after year, security threats grow more complicated and sophisticated. An enterprise cannot wait for attackers to exploit vulnerabilities in its systems. It needs to adopt proactive security measures to remain a step ahead of the attackers. Penetration testing is one such exercise that seeks to test the efficiency of enterprise systems. It aims … Continued

NIST 800-171: Penetration testing and vulnerability scanning

In June 2015, NIST published Special Publication 800-171, which focuses on the protection of controlled unclassified information (CUI). NIST developed this publication to further its statutory obligations under the Federal Information Security Modernization Act (FISMA) of 2014. Over the last five years, there have been a couple of revisions, and the latest … Continued

NIST Cybersecurity Framework Compliance

The first version of the NIST Cybersecurity Framework was published in 2014, and it was updated for the first time in April 2018. Although there have not been any substantial changes, there are a few new additions and clarifications. Appendix A of this framework is often called the Framework Core, and it is a twenty-page document that lists five functions – Identify, … Continued

HIPAA and Penetration Testing – Part II

In the first part of this article, we discussed the basics of HIPAA along with the Privacy Rule and the Security Rule in brief. It must be noted that the Security Rule only applies to ePHI, and it prescribes three types of safeguards – administrative, technical, and physical. Each of these safeguards is discussed in … Continued