Penetration Testing

Penetration Testing for exploitable vulnerabilities within your environment

Penetration testing can be conducted from an external and/or internal view. A Rules of Engagement (ROE) document is drafted and signed by both parties; it describes the targeted systems, scope, constraints, and notifications, as well as any disclosures of the engagement. Standard practices include:

  • Potential vulnerabilities are tested based on the potential level of damage and in coordination with the customer
  • The pen tester shall remain in constant communication with the technical point of contact throughout the engagement
  • Penetration tests will only occur during agreed-upon scheduled times on pre-determined systems
  • If a system is successfully penetrated, the pen tester will provide verification either by the placement of a file or by screenshots
  • A Penetration Test Report will be provided that includes an executive summary, a walkthrough of technical risk, potential impact of vulnerabilities found, and vulnerability remediation options
  • Specific guidance for conducting these penetration test activities is Federal Risk and Authorization Management Program (FedRAMP) based and follows the guidelines of National Institute of Standards and Technology (NIST) Special Publication (SP) 800-115, Technical Guide to Information Security Testing and Assessment

Eligibility

Federal civilian agencies are eligible to use these cybersecurity services from the DOT Enterprise Services Center (ESC). Department of Defense (DOD) organizations may be eligible for ESC cybersecurity services if their systems are unclassified.

Interested in this Fed-to-Fed service? Get a quote!

To get started, reach out to the ESC team. We will send you a simple questionnaire to fill out. Return the completed questionnaire to us and we will promptly develop a firm fixed-price quote, to include proposed schedules. If you just need a rough order of magnitude (ROM) estimate for budget planning purposes, just let us know.

Contact ESC at CyberServices@esc.gov to get more information and assistance.