dbohlmann
Newcomer I

Port scanning test and report approved by GSA

I don't know if there is such a thing, but I get asked from time to time if our products have been "GSA port scanned".  Does the GSA have a document of recommendations or a framework or a toolset defined that I can run against my products to show 'compliance', or have some results?  In the past we've had a few government facilities do their own scan and would/would not provide us results, depending.  Is there a publicly available document that describes the requirements and "expected results"?  Or is there really no such thing and it depends on the particular service or department (non-military)?

2 Replies
MrJackBadger
Newcomer I

No such thing by standard.  The closest you'll get is the FedRAMP process for cloud providers:

 

fedramp.gov

https://www.fedramp.gov/provide-public-comment/vulnerability-scanning-requirements-and-process-clari...

Ask your customers if that's what they mean.

dbohlmann
Newcomer I

I will keep that in mind since we do have cloud services.  Thanks.

The customer was asking in particular for a router that we make, though.