Penetration Testing
Description
Penetration testing can be conducted from an external and/or internal view. A Rules of Engagement is drafted and signed by both parties that describe the scope of the engagement. Standard practices include:
- Potential vulnerabilities tested based on the potential level of damage and in coordination with the customer
- The pen tester shall remain in constant communication with the technical point of contact throughout the engagement
- Penetration tests will only occur during agreed upon scheduled times on pre-determined systems
- If a system is successfully penetrated, the pen tester will provide verification either by the placement of a file or screen shots
Contact
These are services offered to federal agencies through the federal shared services program. For other stakeholders looking for penetration testing services, please visit Cyber Hygiene Services | CISA.
This service is offered through our federal service partner, the U.S. Department of Transportation (DOT). For more detailed information about this service, please visit the DOT's Enterprise Services Center (ESC) website.
For inquiries about ESC offered services or if interested in purchasing services, please contact us at: esc-cyberservices@faa.gov.