“I’d like to personally thank the SBA’s Branch Chief for Security Policy & Compliance and Office of the Chief Information Officer, and those members of the FedRAMP PMO who supported our interesting use case. It has been our mission to help the small business community that is America's economic engine, and we are looking forward to doing great things together,” said Michael Peters, CEO of Continuum GRC.
The United States Small Business Administration (SBA) partnered with Continuum GRC for FedRAMP Authorization following an extensive period of evaluation of our tool. Their interest was in how the tool scaled GRC capabilities not only to the SBA’s internal requirements but also to the multitude of America’s small businesses they supported.
In our continuing series on penetration testing, we have discussed different approaches to pen testing and the benefits of conducting such tests. Here, we will continue by addressing penetration testing as a practice inside one of the most important security frameworks for federal agencies and contractors: NIST 800-53.
While the core documentation of NIST 800-53 contains hundreds of security controls, one dedicated section speaks to the value and best practices of penetration testing. Here, we’ll discuss how penetration testing plays a role in NIST 800-53 compliance and how you can incorporate it into your compliance strategy.