ANSI X9.111 Penetration Testing Standard

InfoGard is pleased to announce that ANSI X9.111 Penetration Testing within the Financial Services Industry has been submitted for ballot and is expected to be approved shortly as an ANSI Standard.  InfoGard has played a lead role in the creation of X9.111 by proposing and authoring the standard as part of our work within the American National Standards Institute (ANSI) ASC X9F4 working group.

The ANSI X9.111 standard provides a framework for specifying, describing, and conducting penetration testing.  By specifying processes for conducting penetration testing, ANSI X9.111 allows financial organizations interested in obtaining penetration testing services to work with penetration test providers  to define the objects to be tested, the level of testing, and the set of testing and reporting expectations.  It is anticipated that this standard will be widely adopted as it will assist organizations in their efforts to comply with industry regulations that require regular penetration testing, such as the Payment Card Industry (PCI) Data Security Standards (DSS). 

Useful links:
PCI Security Standards Council: https://www.pcisecuritystandards.org/
ANSI Accredited Standards Committee X9:  http://www.x9.org/home
Purchase ANSI X9 publications online:  http://www.techstreet.com/x9gate.tmpl