FISMA NIST 800-171 Compliance and Application Security

The National Institute of Standards and Technology (NIST) developed Special Publication 800-171 to provide guidelines for
protecting the confidentiality of Controlled Unclassified Information (CUI) in nonfederal systems
and organizations, and to recommend security requirements for doing so.

NIST Special Publication 800-171 Revision 1 for FISMA

FISMA NIST 800-171 imposes various data protection, privacy and security testing requirements on all companies that must adhere to it. Web and mobile application security is an important part of the FISMA NIST 800-171 compliance process:

This publication (“Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”) has been developed by NIST to further its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283.

SECURITY REQUIREMENT 3.11.2

“Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified.”

SECURITY REQUIREMENT 3.12.1

“Periodically assess the security controls in organizational systems to determine if the controls are effective in their application.”

SECURITY REQUIREMENT 3.12.3

“Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls.”

SECURITY REQUIREMENT 3.14.1

“Identify, report, and correct system flaws in a timely manner.”

ImmuniWeb® Products for FISMA NIST 800-171 Compliance

Application security and compliance start with visibility. You cannot protect what you don't know. Therefore, we recommend starting FISMA NIST 800-171 compliance with asset discovery and inventory.

ImmuniWeb® Discovery rapidly detects your external web, mobile and cloud assets and provides attractiveness and hackability scores for each asset. Based on Big Data and our proprietary AI technology, the entire process is rapid and non-intrusive. Once you have a comprehensive and up-to-date inventory of your assets, you are ready to start well-informed and risk-based application security testing:

ImmuniWeb® Discovery: Asset Inventory and Risk Ratings
Web, Mobile, API, Cloud
Freemium

For one-time security testing of your web applications and APIs, we recommend using ImmuniWeb® On-Demand:

ImmuniWeb® On-Demand: Web Application Penetration Test
Web, API, Cloud
From $499

For iOS and Android mobile apps and their backend (e.g. API or REST/SOAP web services) we provide all-inclusive testing with ImmuniWeb® MobileSuite:

ImmuniWeb® MobileSuite: Mobile Application Penetration Test
Mobile, API, Cloud
From $1,499

For the most critical applications that directly impact your FISMA NIST 800-171 compliance, we offer ImmuniWeb® Continuous for incremental 24/7 testing of any new or updated code:

ImmuniWeb® Continuous: 24/7 Monitoring and Penetration Testing
Web, API, Cloud
From $1,199 / month

All ImmuniWeb® products leverage our award-winning Multilayer Application Security Testing and AI technology for intelligent automation and acceleration of Application Security Testing. Driven by human penetration testing, it rapidly detects even the most sophisticated vulnerabilities and comes with a zero false-positives SLA.
