
Meeting Compliance Requirements for Security Testing

CORE IMPACT can play a major role in your security testing compliance initiatives, both by fulfilling direct mandates for penetration testing and by validating that other security defenses, policies and procedures are in place and working as required.

PCI

The payment card industry presents a prime target for hackers seeking access to credit card numbers, social security numbers and other consumer information. The Payment Card Industry (PCI) Data Security Standard, which requires regular penetration testing, was established to govern all transactions involving cardholder data. CORE IMPACT provides the capabilities you need to both protect customer data and comply with the PCI Standard.

HIPAA

HIPAA legislation mandates that all healthcare institutions implement appropriate information security policies and procedures to protect ePHI (electronic Protected Health Information). CORE IMPACT helps you to better understand your network environment, while enabling you to comply with HIPAA's network testing requirements.

GLBA

The Gramm-Leach-Bliley Act (GLBA) was enacted in response to the rapid increase in Internet banking and online access to account information. The law stipulates that all financial institutions establish appropriate security standards to protect customer data from internal and external threats and unauthorized access occurring through online systems and networks. Penetration testing with CORE IMPACT helps you to both secure your customer information and comply with the GLBA.

NIST SP 800-53A

The NIST Special Publication (SP) 800 documents establish penetration testing as the preferred method for auditing security controls under the Federal Information Systems Management Act (FISMA). NIST Special Publication 800-53A specifically demands penetration testing that exploits vulnerabilities and demonstrates how security controls have been tested against multistage attacks. Using CORE IMPACT is the most effective way to test security defenses and demonstrate the required level of adherence to FISMA and the NIST SP 800 documents.

SOX

The Sarbanes-Oxley Act requires all public organizations to implement a series of internal controls that create a "system of record," along with associated procedures to transmit, store and protect the corresponding data. Penetration testing with CORE IMPACT helps you comply with both the letter and the spirit of the law by actually proving whether your organization's internal controls can prevent unauthorized access to information assets.



Related Content

Core Security White Papers

The Rise of Security Testing
Learn why comprehensive security testing is critical to proactive IT risk management.

Smarter Security Spending
Learn how comprehensive testing helps to drive increased security ROI in a stormy economy.

Success Story


"To prove that our security testing is both consistent and unbiased, we're required to have an outside entity provide us with accreditation. Because of the approach we've established testing with CORE IMPACT, and the ability to respond quickly and patch any issues, we remain confident that auditors will recognize that we've tested everything to the best of our abilities in the same manner that a hacker would."
James Barth
Chief Security Engineer
Teachers Retirement System of Georgia

Core Security Technologies © 2008 All rights reserved