|
| Home | Statistics | Documents | Catalog | StratEdit | XSLTForms | DNAOS | About | Portal | Glossary | Contact [!?] |
| Documents/SSCCSH/2: Penetration Testing |
|
Require cloud service providers to employ penetration testing capabilities Other Information: FedRAMP's Joint Authorization Board (JAB) should require that all cloud service providers wishing to do business with the Federal government employ penetration testing capabilities in the implemented operational environment in order to surveil, analyze, and respond to threats in real-time. This process of testing whether computing systems have been penetrated could be similar to the Payment Card Industry's Data Security Standard (PCI DSS), which is a well-established set of industry benchmarks for online payment services. Industry and government must decide together what will be subjected to penetration testing. Adopting the model contracting language included in Appendix 3 would help these entities arrive at a consensus on these and other issues while requiring: Stakeholder(s): Objective(s):
|
| sitemap | Copyright 1971-2012 01 COMMUNICATIONS INC. ALL RIGHTS RESERVED. - Powered by DNAOS | contact |