Re: Pentest Letter of Achievement/Certificate

From: Tim (pand0ra.usa@gmail.com)
Date: Sat Jul 16 2005 - 02:07:02 EDT

• Next message: pol.dls pol.dls: "Re: Bluetooth"
• Previous message: Lyal Collins: "RE: Suggested lab materials/systems/setup?"
• In reply to: blowfish 448: "Pentest Letter of Achievement/Certificate"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

NIST has guidance on doing C&A (Certification & Accredation). The NIST
Special Publication 800-18 or the soon to be 800-53 are some good
documents to look at.

http://csrc.nist.gov/publications/nistpubs/index.html
http://www.nist.gov

On 7/12/05, blowfish 448 <blowfish448@hotmail.com> wrote:
> Hi,
>
> any of you know if any 'standards' or accepted guidelines exist for a letter
> or certification
> of succesfull resistance to Penetration Testing/Vulnerability Assessment.
> Customers often
> demand to have a proof delivered by their Penetration Test service provider
> to show to their
> partners and customers.
>
> The idea of course is not to disclose sensitive information but to briefly
> describe
> the environment tested and how - according to which methodologies and the
> attack vectors
> tested for.
>
>
> Thanks in advance
>
>
>

-- 
Tim Van Cleave, CISSP, NSA IAM, CXE
AIM - pand0rausa
MSN - m0rt15
Yahoo - pand0ra_usa

• Next message: pol.dls pol.dls: "Re: Bluetooth"
• Previous message: Lyal Collins: "RE: Suggested lab materials/systems/setup?"
• In reply to: blowfish 448: "Pentest Letter of Achievement/Certificate"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:35 EDT