Recognized frameworks include, at minimum, a requirement that a regular vulnerability assessment of the production network and/or web application be performed. Depending on your environment, the following frameworks may require these assessments:

  • Sarbanes-Oxley (SOX);
  • Statements on Standards for Attestation Engagements 16 (SSAE 16 / SOC 1);
  • Service Organization Controls (SOC) 2 / 3;
  • Payment Card Industry Data Security Standard (PCI DSS);
  • Health Insurance Portability and Accountability Act (HIPAA);
  • Gramm-Leach-Bliley Act (GLBA); and
  • Federal Information System Controls Audit Manual (FISCAM).