R070. Define automated security testing

This document details the security requirements related to the definition and management of logical architecture in the organization. This requirement establishes the importance of defining a set of automated security tests as part of the deployment process.

Requirement

There must be a set of automated security tests that run as part of the deployment process (e.g., unit, integration, functional).

Description

System configuration is essential to security. The system must follow the industry’s standard configurations that prevent all known vulnerabilities. These configurations should also include a set of tests that assess whether the security settings are preserved and that help prevent the introduction of new insecure functionality.
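One way to test that security settings are preserved at deploy time, as an added example that is not part of the original requirement: the setting names, the baseline values and the `gate` function are assumptions chosen for illustration. The check compares the effective configuration against a security baseline and returns a non-zero status so the deployment step fails on any drift, including settings that were silently removed.

```python
import sys

# Constructed baseline (assumed setting names): (dotted path, check, expected).
BASELINE = [
    ("session.cookie_secure", "equals", True),
    ("session.cookie_httponly", "equals", True),
    ("password.min_length", "at_least", 12),
    ("debug", "equals", False),
    ("cors.allowed_origins", "excludes", "*"),
]
_MISSING = object()


def lookup(config, path):
    """Walk a dotted path through nested dicts; _MISSING if any key is absent."""
    node = config
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return _MISSING
        node = node[key]
    return node


def find_drift(config, baseline=BASELINE):
    """Return one finding per violated rule; an empty list means compliant."""
    findings = []
    for path, check, expected in baseline:
        actual = lookup(config, path)
        if actual is _MISSING:
            # An unset value falls back to a default the baseline cannot vouch for.
            ok = False
        elif check == "equals":
            # Booleans must match by identity so "true" or 1 do not pass as True.
            ok = actual is expected if isinstance(expected, bool) else actual == expected
        elif check == "at_least":
            ok = isinstance(actual, int) and not isinstance(actual, bool) and actual >= expected
        elif check == "excludes":
            values = actual if isinstance(actual, (list, tuple, set)) else [actual]
            ok = expected not in values
        else:
            raise ValueError(f"unknown check {check!r} for {path}")
        if not ok:
            shown = "<not set>" if actual is _MISSING else repr(actual)
            findings.append(f"{path}: got {shown}, required {check} {expected!r}")
    return findings


def gate(config):
    """Exit status for the deploy step: 0 when compliant, 1 on any drift."""
    findings = find_drift(config)
    for finding in findings:
        print("SECURITY DRIFT:", finding, file=sys.stderr)
    return 1 if findings else 0
```

In a pipeline, the deploy job would load the rendered configuration and call `sys.exit(gate(config))` before releasing.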

References

  1. GDPR. Art. 32: Security of processing. (1)(d). The controller and the processor shall implement appropriate technical and organizational measures to ensure an appropriate level of security, including a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

  2. HIPAA Security Rules 164.312(c)(2): Mechanism to Authenticate Electronic Protected Health Information: Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.

