Gramm-Leach-Bliley-Act Report

 Scan Name: Webscantest
 Date: 9/12/2017 9:33:08 PM
 Authenticated User: testuser
 Total Links / Attackable Links: 409 / 409
 Target URLs: http://webscantest.com/, https://webscantest.com/

Important Compliance Information and Limit of Liability

This information has been gathered during a scan of your web application. By checking your online properties for issues such as insecure data collection forms, cookie presence, third-party links, cross-site-scripting vulnerabilities, and SQL-injection vulnerabilities, the scan generates an automatic checklist of potential compliance issues. By taking advantage of this information, you can then proactively filter and prioritize identified issues to ensure faster remediation of your organization's most critical regulatory compliance concerns.

It is important to note that while this automatically-generated information is intended to greatly enhance the efficiency with which you may remediate compliance issues, it does not presume to represent the full scope of compliance with Gramm-Leach-Bliley-Act regulations. These results represent a subset of the requirements that can be gathered automatically from your web application. Further, as regulations are subject to change, this report may have been generated with a version of the application that has not been updated to reflect those changes. It is therefore the sole responsibility of the user to know the regulations and comply with them.

The issues presented in this report correspond to the Gramm-Leach-Bliley-Act (GLB).

The information presented here is not to be regarded as legal advice. It does not express or imply any guarantee of compliance with any law or regulation. It is the sole responsibility of the user of this report to seek competent legal counsel for advice on compliance with any laws and regulatory requirements and to otherwise take whatever measures are necessary for such compliance. Rapid 7 Inc. assumes no responsibility for any use or misuse of any information presented in this report.


GLB Compliance Results

The results of this report do not cover the full set of requirements for GLB compliance. This information has been gathered during a scan of your web application, and covers only the following requirements, to the extent possible from a "blackbox" analysis.
For the text of the Gramm-Leach-Bliley-Act (also known as the Financial Services Modernization Act of 1999), see: http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=106_cong_bills&docid=f:s900enr.txt.pdf.

Pass or Fail for a requirement is based on the sub-requirements we are able to test for in an automated Web Application Assessment. All other sub-requirements are not factored in.

Security and Confidentiality

Requirement B.1: Ensure the security and confidentiality of customer information.
Failed

Unauthorized Access

Requirement B.3: Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.
Failed

Manage and Control Risk

Requirement C: Manage and Control Risk - You shall design your information security program to control the identified risks commensurate with the sensitivity of the information as well as the complexity and scope of your activities. You must consider whether the following security measures are appropriate for you and, if so, adopt those measures you conclude are appropriate.
Requirement C.1a: Access controls on customer information systems, including controls to authenticate and permit access only to authorized individuals and controls to prevent employees from providing customer information to unauthorized individuals who may seek to obtain this information through fraudulent means.
Failed
Requirement C.1c: Encryption of electronic customer information, including while in transit or in storage on networks or systems to which unauthorized individuals may have access.
Failed
Failed