Compliance Glossary

NIST Special Publication 800-115, Technical Guide to Information Security Testing and Assessment aims at assisting the organization in discovering the system vulnerabilities through risk assessment and periodic penetration testing. This helps understand the effectiveness of security controls and the flaws that could be exploited by an attacker.

This guide has been divided into some chapters dealing with varied aspects of the security test:

• Overview of Security Testing and Examination: This introduces basic concepts and principles of security testing.
• Overview of the Techniques: The methods to analyze controls and configurations are discussed.
• Target Identification and Analysis: These are techniques to identify target systems and analyze the state of security of the identified systems. The activities include network discovery, vulnerability scanning, and wireless scans.
• Validation Techniques of Target Vulnerability: These are the processes to validate the existence of an identified vulnerability with impact using penetration testing techniques.
• Security Assessment Planning: This involves patch management and incident response activities for identified vulnerabilities, ensuring that the software maintains its integrity and security after release.
• Conducting the Security Assessment: It entails conducting safety and security assessments and detailing exactly how it would be done by making tests and evaluations.
• Activities Post-Testing: This entails reporting and remediation post-testing

NIST SP 800-115 also accommodates baseline competencies to be used to execute these types of assessments as well as methods of testing.