NetSpective® Compliance
The following briefly describes the law, regulation or best practice and highlights aspects that apply to application security. This page also describes how TeleMate.Net Software Security Solutions help you comply. Given the changing nature of laws, rules and regulations, please check the sponsoring organization for current guidelines.
Health Insurance Portability & Accountability Act (HIPAA)
Legislative Summary
The United States Health Insurance Portability and Accountability Act (HIPAA) mandates the privacy and security of personal health information from the various threats and vulnerabilities associated with information management. The Security Rule of the act recommends information security best practices to protect personal information. The goal of the Security Rule is to ensure the confidentiality, integrity and availability of personal health information. As it relates to web application security, HIPAA requires applicable organizations to perform a HIPAA security risk assessment to determine what applications and data are vulnerable, to ensure proper authentication, access control and logging systems, and to conduct ongoing auditing of information systems to test for newly discovered vulnerabilities. Web application security assessments should be used as part of the initial HIPAA compliance software program to show where your organization stands with security of personal health information.
TeleMate.Net Software capabilities:
- Assess your web applications for vulnerabilities that may result in the disclosure of sensitive or private medical information
- Verify that web application access to sensitive information is controlled by authentication and authorization
- Identify web application command injection vulnerabilities that may execute malicious code or programs
- Get detailed categorized security assessment reports
Children's Internet Protection Act (CIPA)
Overview of State Laws
Twenty-one states have Internet filtering laws that apply to public schools or libraries. The majority of these states simply require school boards or public libraries to adopt Internet use policies to prevent minors from gaining access to sexually explicit, obscene or harmful materials. However, some states also require publicly funded institutions to install filtering software on library terminals or school computers.
Federal Children's Internet Protection Act (CIPA)
Congress in 2000 enacted the Children's Internet Protection Act (CIPA) as part of the Consolidated Appropriations Act. The act provides for three different types of funding: 1) aid to elementary and secondary schools; 2) Library Services and Technology Act (LSTA) grants to states for support of public libraries; and 3) the E-rate program that provides technology discounts to schools and public libraries.
CIPA requires public libraries that participate in the LSTA and E-rate programs to certify that they are using computer filtering software to prevent the on-screen depiction of obscenity, child pornography or other material harmful to minors. The act allows adult library patrons to request that a librarian disable the filtering software. In order to receive E-rate discounts, libraries are not allowed to disable filtering programs for minor users. The Federal Communications Commission website provides background information about the Children's Internet Protection Act.
TeleMate.Net Software capabilities:
- Verify and control that web application access to sensitive information is governed by authentication and authorization
- Provide detailed reporting on access to, and acceptance of, the acceptable usage policy
- Get detailed categorized security assessment reports
Children's Online Privacy Protection Act (COPPA)
Legislative summary
The Children's Online Privacy Protection Act (COPPA) was enacted in 2000 to regulate the online collection of personal information about children under the age of 13. The goal of COPPA is to protect children's privacy and safety online in recognition of the easy access that children often have to the web. The law requires that website operators post a privacy policy on the site and outlines requirements for website operators to seek parental consent before collecting children's personal information in certain circumstances.
The law applies not only to websites that are clearly directed toward children but to any website that contains general audience content where the website operators have actual knowledge that they are collecting personal information from children. An operator must post a link to a notice of its information practices on the home page of its website or online service and at each area where it collects personal information from children. An operator of a general audience site with a separate children's area must post a link to its notice on the home page of the children's area.
TeleMate.Net Software capabilities:
- Verify that links to privacy policies exist at appropriate places in your web applications
- Get detailed security assessment reports categorized by Children's Online Privacy Protection Act (COPPA) sections
NIST 800-53
Legislative Summary
The United States Congress passed the E-Government Act of 2002 in recognition of the importance of information security to the economic and national security interests of the United States. Title III of the act, entitled the Federal Information Security Management Act (FISMA), tasked the National Institute of Standards and Technology (NIST) with developing standards and guidelines to be used by all U.S. federal government agencies in implementing adequate information security as part of their information systems. There are three security objectives for information systems: confidentiality, integrity and availability. The purpose of the act is to:
- Provide a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support federal operations and assets
- Provide effective government-wide management and oversight of the related information security risks, including coordination of information security efforts throughout the civilian, national security and law enforcement communities
- Provide for development and maintenance of minimum controls required to protect federal information and information systems
- Provide a mechanism for improved oversight of federal agency information security programs
- Acknowledge that commercially developed information security products offer advanced, dynamic, robust and effective information security solutions, reflecting market solutions for the protection of critical information infrastructures important to the national defense and economic security of the nation that are designed, built and operated by the private sector
Each of the following FISMA sections requires that agency applications be protected against unauthorized access, use, disclosure, disruption, modification or destruction of information and that applications must be able to ensure the integrity, confidentiality, authenticity, availability and non-repudiation of information and information systems:
- FISMA Sec. 3544(a)(1)(A)(i)
- FISMA Sec. 3547
- FISMA Sec. 3544(a)(1)(A)(ii)
As part of its work to develop the requisite standards and guidelines for agencies to comply with these information system protections requirements under FISMA, the NIST produced "Special Publication 800-53 - Recommended Security Controls for Federal Information Systems," which outlines the security protections that should be put in place in federal information systems. Failure to comply with the controls in this NIST recommendation may constitute failure to comply with the FISMA requirements for information system protection.
TeleMate.Net Software capabilities:
- Verify that web application access to sensitive information is controlled by authentication and authorization
- Assess your web applications for vulnerabilities that may result in the disclosure of sensitive or private information
- Check that data communication is encrypted
- Validate that web application inputs are properly validated and not vulnerable to command injection or cross-site scripting attacks
- Get detailed categorized security assessment reports
Federal Information Security Management Act (FISMA)
Legislative Summary
The United States Congress passed the E-Government Act of 2002 in recognition of the importance of information security to the economic and national security interests of the United States. Title III of the act, entitled the Federal Information Security Management Act (FISMA), tasked the National Institute of Standards and Technology (NIST) with developing standards and guidelines to be used by all U.S. federal government agencies in implementing adequate information security as part of their information systems. There are three security objectives for information systems: confidentiality, integrity and availability. The purpose of the act is to:
- Provide a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support federal operations and assets
- Provide effective government-wide management and oversight of related information security risks, including coordination of information security efforts throughout the civilian, national security and law enforcement communities
- Provide for development and maintenance of minimum controls required to protect federal information and information systems
- Provide a mechanism for improved oversight of federal agency information security programs
- Acknowledge that commercially developed information security products offer advanced, dynamic, robust and effective information security solutions, reflecting market solutions for the protection of critical information infrastructures important to the national defense and economic security of the nation that are designed, built and operated by the private sector
Each of the following FISMA sections requires that agency applications be protected against unauthorized access, use, disclosure, disruption, modification or destruction of information and that applications must be able to ensure the integrity, confidentiality, authenticity, availability and non-repudiation of information and information systems:
- FISMA Sec. 3544(a)(1)(A)(i)
- FISMA Sec. 3547
- FISMA Sec. 3544(a)(1)(A)(ii)
As part of its work to develop the requisite standards and guidelines for agencies to comply with these information system protections requirements under FISMA, the NIST produced "Special Publication 800-53 - Recommended Security Controls for Federal Information Systems," which outlines the security protections that should be put in place in federal information systems. Failure to comply with the controls in this NIST recommendation may constitute failure to comply with the FISMA requirements for information system protection.
TeleMate.Net Software capabilities:
- Verify that web application access to sensitive information is controlled by authentication and authorization
- Assess your web applications for vulnerabilities that may result in the disclosure of sensitive or private information
- Validate that web application inputs are properly validated and not vulnerable to command injection or cross-site scripting attacks
- Get detailed security assessment reports categorized by FISMA sections
Sarbanes-Oxley Act (SOX)
Legislative Summary
The Sarbanes-Oxley Act (SOX), which falls under the U.S. Securities and Exchange Commission (SEC), was enacted on July 30, 2002. The Sarbanes-Oxley Act focuses on regulating corporate behavior for the protection of financial records instead of enhancing the privacy and security of confidential customer information.
Sarbanes-Oxley Act compliance can be difficult because the act was not written specifically with information technology or information security in mind; however, several sections within it directly affect these functions in today's corporations. These cover how information is accessed, what leaves the corporate network, and what information needs to be protected and retained over time. You should conduct web application security assessments as part of an initial SOX compliance risk assessment to understand your internal controls. This helps public corporations audit their systems and enhance the security of their financial data on an ongoing basis.
TeleMate.Net Software capabilities:
- Assess your web applications for vulnerabilities that may result in the disclosure of sensitive or private information
- Verify that web application access to sensitive information is controlled by authentication and authorization
- Identify web application command injection vulnerabilities that may execute malicious code or programs
- Validate that web application inputs are properly validated and not vulnerable to command injection or cross-site scripting attacks
- Check that data communication is encrypted
- Get detailed categorized security assessment reports
All contents copyright © 1997-2010 TeleMate.Net Software. All rights reserved.