Service

Penetration Testing

Task type
Assess your risk level
Readiness Level
Foundational

Description

Penetration testing can be conducted from an external and/or internal view. A Rules of Engagement is drafted and signed by both parties that describe the scope of the engagement. Standard practices include:

  • Potential vulnerabilities tested based on the potential level of damage and in coordination with the customer
  • The pen tester shall remain in constant communication with the technical point of contact throughout the engagement
  • Penetration tests will only occur during agreed upon scheduled times on pre-determined systems
  • If a system is successfully penetrated, the pen tester will provide verification either by the placement of a file or screen shots

Contact

These are services offered to federal agencies through the federal shared services program. For other stakeholders looking for penetration testing services, please visit Cyber Hygiene Services | CISA.

This service is offered through our federal service partner, the U.S. Department of Transportation (DOT). For more detailed information about this service, please visit the DOT's Enterprise Services Center (ESC) website. 

For inquiries about ESC offered services or if interested in purchasing services, please contact us at: esc-cyberservices@faa.gov