Compliance Norms define Control Groups and Tasks, which can be used to quickly set up new Pentests and Pentest Templates using standard Checklists and norms for a specific pentest or type of pentest. Cyver Core Compliance Norms function as pre-defined checklists of Control Groups with attached Tasks. You can create as many Compliance Norms as you like and add as many as you like to a Pentest Template or Pentest.
Tasks from Compliance Norms will automatically populate in the Pentester’s backlog at Pentest start. In addition, all Findings are linked to Control Groups from Compliance Norms.
Supported Norms
Cyver Core offers pre-defined Compliance Norms for common pentests and vulnerability assessments. Most of these pentests are performed using standardized checklists provided by the organization defining them, so it doesn't make sense to build your own each time. Cyver Core pre-populates drafts with common assessments, with Control Groups and Tasks linked in. You can customize and edit any of these to create your own version of the Compliance Norm.
- DigiD 2.0
- GDPR Checklist
- ISAE 3402
- ISO 27001:2013
- ISO 27017:2015
- OWASP API Security Top 10 2019
- OWASP ASVS 4.0
- OWASP MASVS 1.2
- OWASP MSTG 1.1.3
- OWASP OTG v4
- OWASP OTG v5
- OWASP Top 10 2017
- PCI-DSS v3.2
Cyver Core strives to offer out-of-the-box solutions for as many types of Pentesters as possible. For that reason, we will continue to add to this list. To see updates, check Draft Compliance Norms, this list, or the Documentation.