Federal Information Security Management Act Report

 Scan Name: webscantest
 Date: 10/24/2017 7:44:45 AM
 Authenticated User: admin
 Total Links / Attackable Links: 475 / 475
 Target URL: https://webscantest.com, http://webscantest.com

Important Compliance Information and Limit of Liability

This information has been gathered during a scan of your web application. By checking your online properties for issues such as insecure data collection forms, cookie presence, third-party links, cross-site-scripting vulnerabilities, and SQL-injection vulnerabilities, the scan generates an automatic checklist of potential compliance issues. By taking advantage of this information, you can then proactively filter and prioritize identified issues to ensure faster remediation of your organization's most critical regulatory compliance concerns.

It is important to note that while this automatically-generated information is intended to greatly enhance the efficiency with which you may remediate compliance issues, it does not presume to represent the full scope of compliance with FISMA regulations. These results represent a subset of the requirements that can be gathered automatically from your web application. Further, as regulations are subject to change, this report may have been generated with a version of the application that has not been updated to reflect those changes. It is therefore the sole responsibility of the user to know the regulations and comply with them.

The issues presented in this report correspond to the Federal Information Security Management Act (FISMA).

The information presented here is not to be regarded as legal advice. It does not express or imply any guarantee of compliance with any law or regulation. It is the sole responsibility of the user of this report to seek competent legal counsel for advice on compliance with any laws and regulatory requirements and to otherwise take whatever measures are necessary for such compliance. Rapid 7 Inc. assumes no responsibility for any use or misuse of any information presented in this report.


FISMA Compliance Results

The results of this report do not cover the full set of requirements for FISMA compliance. This information has been gathered during a scan of your web application, and covers the following requirements only as far as is possible from a "blackbox" analysis.
The text of the Federal Information Security Management Act is available at http://csrc.nist.gov/drivers/documents/FISMA-final.pdf.

Pass or Fail for a requirement is based on the sub-requirements we are able to test for in an automated Web Application Assessment. All other sub-requirements are not factored in.

3543. Authority and Functions of the Director

(a) IN GENERAL: The Director shall oversee agency information security policies and practices, including:
(2) requiring agencies, consistent with the standards promulgated under such section 11331 and the requirements of this subchapter, to identify and provide information security protections commensurate with the risk and magnitude of the harm resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of:
(A) information collected or maintained by or on behalf of an agency; or (B) information systems used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency
Failed
Failed
Failed

3544. Federal Agency Responsibilities

(a) IN GENERAL: The head of each agency shall (1) be responsible for:
(A) providing information security protections commensurate with the risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction of:
(i) information collected or maintained by or on behalf of the agency; and (ii) information systems used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency
Failed
Failed
Failed