Technical IT Compliance
This certification substantially covers the cybersecurity requirements of relevant standards such as ÖNORM A7700, the Security Web Standard of the Federal Office for Information Security (BSI), the Open Web Application Security Project – Top 10 Most Critical Security Risks for Web Applications (OWASP/Top10), the Application Security Verification Standard (OWASP/ASVS), the technical requirements of ISO 27001 or ISAE 3402 for audit reports in IT service companies, and the Payment Card Industry Data Security Standard (PCI DSS). Subsequently, ongoing trusted security monitoring of the online systems ensures the maximum possible level of protection. This means that, when the cybersecurity certificate is presented, the technical security requirements of the aforementioned standards in the field of cybersecurity are taken into account.
Configurable settings for SOX, FISMA, HIPAA CERT, DISA, STIG, NSA, GLBA, HIPAA, PCI DSS, SCAP-based audit policies (FDCC/USGCB, NIST, DISA, STIG), CIS benchmarks, NIST, NSA, and other best practice policies
WebApp and Mobile App Compliance
Configurable settings for CWE 2011, HIPAA, ISO 27001, NIST SP 800-53, OWASP Top 10 2017, OWASP ASVS, PCI DSS 3.2, Sarbanes-Oxley, STIG DISA, WASC threat classification
Source Code Compliance
Configurable settings for PCI DSS, HIPAA, SANS 25, OWASP Top 10, MISRA, MITRE CWE, BSIMM