Core Security Endorses New Federal Information Security Guidelines

BOSTON, MA - June 30, 2008 - Core Security Technologies today announced that CORE IMPACT, the most comprehensive product for proactive security testing, can be used to help U.S. federal agencies comply with the new information security assessment guidelines outlined by the National Institute of Standards and Technology (NIST).

Released earlier today, NIST Special Publication 800-53A, Appendix G advocates the use of penetration testing technology by all federal agencies as a key component of an effective security assessment plan.

“It’s great to see the federal government taking steps to ensure that penetration testing is widely used as a method of assessing real-world risks,” said Robert Maley, chief information security officer for the Commonwealth of Pennsylvania. “Gaining a comprehensive view of vulnerabilities across an organization’s security infrastructure is an important step in enhancing the security posture of our federal agencies. Pennsylvania has been using CORE IMPACT for some time as a critical component of our security assurance program.”

Appendix G outlines best practices for implementing a penetration testing program to accurately identify and speed the remediation of information system weaknesses, thereby helping these agencies meet the Federal Information Security Management Act (FISMA) compliance requirements. According to the publication, an effective penetration test provides organizations the ability to …

  • provide explicit proof of actual risks and detail the level of effort an adversary would need to expend in order to cause harm to the organization’s operations and assets;
  • test for incorrect system configurations, trust relationships between organizations, and architectural weaknesses within the target environment; and,
  • reproduce a detailed log and/or audit trail of all the activities performed during the security test.

To validate security measures and facilitate regulatory compliance requirements, government agencies have increasingly turned to CORE IMPACT to regularly test their security defenses against real threats. By automating previously manual, time-consuming and expensive tests, CORE IMPACT considerably shortens the penetration testing process and helps agencies to safely prove the effectiveness of their security investments. The product generates comprehensive reports that can be easily customized and shared with auditors and other parts of the organization.

“CORE IMPACT enables organizations to easily follow the NIST guidelines and integrate penetration testing seamlessly into their ongoing security practices,” said Tom Kellermann, vice president of security awareness at Core Security Technologies. “IMPACT arms IT professionals with an award-winning product to diagnose real exposures and provide the critical information they need to defend themselves against security vulnerabilities, all the while fostering an effective regulatory compliance strategy.”


CORE IMPACT is the most comprehensive product for performing enterprise security assurance testing. By safely, efficiently and quickly identifying how vulnerable assets can be breached, CORE IMPACT gives security professionals the information they need to help them better secure their networks, desktop systems, end users and web applications. CORE IMPACT, which is now used by more than 600 organizations worldwide, enables security professionals to identify what resources are exposed and determine if their current security investments are successfully detecting and preventing attacks. With its flexible reporting tools, CORE IMPACT makes it easy to share penetration testing results with auditors to help satisfy compliance requirements.

About Core Security Technologies
Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their IT infrastructure. The company’s flagship product, CORE IMPACT, is the most comprehensive product for performing enterprise security assurance testing. IMPACT evaluates servers, desktop systems, end users and web applications by identifying what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core augments its leading technology solution with world-class security consulting services, including penetration testing and software security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at

Justin Drake or Megan Prock
Schwartz Communications
781 684-0770 

Mon, June 30