Addressing NIST SP 800 Security Controls Guidelines
The NIST Special Publication (SP) 800 documents establish penetration testing as the preferred method for auditing security controls under the Federal Information Systems Management Act (FISMA), with which all federal agencies must comply. With this requirement, NIST recommends that agencies proactively test their network and IT defense mechanisms using assessment techniques that simulate the actions of real-world attacks. Recent NIST guidelines specifically demand penetration testing that goes beyond the use of scanners to exploit vulnerabilities and demonstrate how security controls have been tested against the same types of multi-staged attacks that are aimed at agency assets on a daily basis.
Core Security solutions provide the most effective manner to test security defenses and demonstrate the required level of adherence to FISMA and the NIST SP 800 documents. By acquiring the ability to carry out regular, controlled and safe exploit simulations against a wide range of vectors (including networks, endpoints, web applications, end users, and wireless networks), federal agencies will be able to provide explicit proof of their compliance, along with associated documentation, to GAO auditors as they carry out their annual e-security assessments.
Learn how Core Security addresses specific NIST guidelines:
- NIST SP 800-39: Guide for Applying the Risk Management Framework
- NIST SP 800-53: Recommended Security Controls
- NIST SP 800-137: Information Security Continuous Monitoring
Related information from Core Security
- White Paper: Putting NIST Guidelines for Information Security Continuous Monitoring into Practice
This white paper discusses how security testing and measurement solutions from Core Security Technologies can help your agency adhere to NIST’s recommendations for Information Security Continuous Monitoring.
- On-Demand Webcast: “Aligning Your Agency with FISMA and NIST via Proactive Security Testing”
Join IT security and compliance expert Mike Rothman, chief analyst at Security Incite, for a discussion of the implications of NIST and the larger benefits of proactive security testing.
- Security Testing Products for Addressing NIST Guidelines
Learn more about the CORE INSIGHT Enterprise security test and measurement solution and the CORE IMPACT Pro penetration testing solution.
- FISMA-Compliant Security Testing Reports
Visit this page for examples of CORE IMPACT's reporting capabilities. IMPACT provides detailed audit trails of all tests performed, providing you with the information you need to validate that FISMA-mandated security measures are in place and working effectively.











