The City of San Mateo, California, has partnered with Lazarus Alliance for NIST 800-115 FISMA-compliant penetration and vulnerability testing.
SCOTTSDALE, Ariz., August 31, 2018 (Newswire.com) - Lazarus Alliance, a leading cyber security, governance, risk, and compliance (GRC) firm, announces its partnership with the City of San Mateo, California. Lazarus Alliance will be performing NIST 800-115 penetration and vulnerability testing in compliance with FISMA.
NIST SP 800-115, the Technical Guide to Information Security Testing and Assessment, was developed in furtherance of NIST’s statutory responsibilities under the Federal Information Security Management Act of 2002 (FISMA). It provides guidelines for organizations to plan and conduct technical information security testing and assessments, analyze findings, and develop mitigation strategies. These include practical recommendations for designing, implementing, and maintaining technical information relating to security testing and assessment processes and procedures. They can be used for several purposes, including finding vulnerabilities in a system or network or verifying compliance with a policy or other requirements.
Although NIST 800-115 was developed for use by federal government agencies, it is widely recognized as an industry standard for penetration testing and is utilized by many local governments and private-sector organizations.
“Cyber attacks against government organizations are on the rise. These attacks aren’t just a matter of data security, they are a matter of public safety. There have been incidents where ransomware and other attacks against local governments have impacted critical public services,” said Michael Peters, CEO of Lazarus Alliance. “By conducting NIST 800-115 vulnerability and penetration testing, the City of San Mateo is demonstrating its commitment to keeping its citizens safe. We look forward to working with them.”
To map the NIST testing guidelines to FISMA requirements, Lazarus Alliance will be utilizing Continuum GRC’s proprietary IT Audit Machine (ITAM), a cloud-based, all-in-one governance, risk, and compliance automation solution. ITAM contains a centralized repository of all IT compliance requirements, including FISMA, with associated controls and automated information flows for audits, assessments, and testing.
“ITAM was designed to significantly speed up the IT audit process without sacrificing accuracy. In fact, ITAM improves accuracy by ensuring that nothing is missed,” Peters noted. “Also, once we are finished performing the security tests, the city will have a centralized repository for all its governance, risk, and compliance data moving forward. They’ll be in a good position to maintain FISMA compliance and data security.”
Source: Lazarus Alliance