Recognized compliance frameworks include, at a minimum, a requirement that a regular vulnerability assessment of the production network, the web application, or both be performed. Depending on your environment, the following frameworks may require these assessments:
- Sarbanes-Oxley (SOX);
- Statements on Standards for Attestation Engagements 16 (SSAE 16 / SOC 1);
- Service Organization Controls (SOC) 2 / 3;
- Payment Card Industry Data Security Standard (PCI DSS);
- Health Insurance Portability and Accountability Act (HIPAA);
- Gramm-Leach-Bliley Act (GLBA); and
- Federal Information System Controls Audit Manual (FISCAM).