
Validating Security Controls for Compliance and Beyond

Validate Security Controls

Core Security solutions can play a major role in your security testing compliance initiatives – both by fulfilling direct mandates for penetration testing and by validating that other security defenses, policies and procedures are in-place and working as required.

FISMA / NIST

The NIST Special Publication (SP) 800 documents establish penetration testing as the preferred method for auditing security controls under the Federal Information Systems Management Act (FISMA). NIST Special Publication 800-53A specifically demands penetration testing that exploits vulnerabilities and demonstrates how security controls have been tested against multistaged attacks. Our solutions provide the most effective manner to test security defenses and demonstrate the required level of adherence to FISMA and the NIST SP 800 documents.

GLBA

The Gramm-Leach-Bliley Act (GLBA) was enacted in response to the rapid increase in Internet banking and online access to account information. The law stipulates that all financial institutions establish appropriate security standards to protect customer data from internal and external threats and from unauthorized access occurring through online systems and networks. Penetration testing with our solutions helps you both secure your customer information and comply with the GLBA.

HIPAA

HIPAA legislation mandates that all healthcare institutions implement appropriate information security policies and procedures to protect ePHI (electronic Protected Health Information). Our solutions help you to better understand your network environment, while enabling you to comply with HIPAA's network testing requirements.

PCI

The payment card industry presents a prime target for hackers seeking access to credit card numbers, social security numbers and other consumer information. The Payment Card Industry (PCI) Data Security Standard, which requires regular penetration testing, was established to govern all transactions involving cardholder data. Our solutions provide the capabilities you need to both protect customer data and comply with the PCI Standard.

SOX

The Sarbanes-Oxley Act necessitates that all public organizations implement a series of internal controls that create a "system of record," along with associated procedures to transmit, store and protect its corresponding data. Our solutions help you comply with both the letter and the spirit of the law by actually proving whether your organization's internal controls can prevent unauthorized access to information assets.

CAG

The introduction to the Consensus Audit Guidelines (CAG), first published by training specialists at The SANS Institute in Feb. 2009, specifically cites the need for federal cyber-security controls that are proactive and can "inform defense" against actual attacks that have compromised systems, or against those that could do so.