Increasingly, US federal agencies rely on complex and internetworked software to enable their mission. As federal services from taxpayer information to national defense move onto the Web, agencies have a driving need to ensure that the software managing those services and related data is written securely. The regulatory environment has expanded recently to address the need for ongoing, measurable software security assurance programs, and is mandating that agencies demonstrate their compliance.
Agencies, armed with automated software security assurance tools such as those that Ounce Labs provides, can now have the metrics and policy compliance information they need to report to agency heads and federal regulators on the process and state of their software security assurance efforts. This guide provides key agency personnel charged with fulfilling these various regulatory requirements with a quick reference to understanding:
- The major compliance categories into which software security assurance activities fall, including Risk Assessment, Identification and Authentication, and Vulnerability Remediation.
- The applicable regulatory and compliance frameworks and the specific control activities within each that apply to application security assurance activities.
- The Ounce Labs solution and the way in which its capabilities can provide the necessary metrics and policy compliance information to help prove compliance with these activities.
Posts
