Cisco Community
English
Register
Great changes are coming to Cisco Community in July. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

95
Views
1
Helpful
2
Replies
khgrant
Cisco Employee
Cisco Employee
‎07-07-2016 05:07 PM
‎07-07-2016 05:07 PM

NSO security testing - what can we share with customers?

 

Hello,

 

I have a question in an RFP asking to explain what security testing has been applied to NSO, and whether we can share any test results.

 

 

Do we have any existing documentation or test results? Are there any security guidelines we can say that NSO is following?

 

 

Thank you

 

 

Stefano

 

Labels:
0 Helpful
1 ACCEPTED SOLUTION

Accepted Solutions
khgrant
Cisco Employee
Cisco Employee
‎07-07-2016 05:08 PM
‎07-07-2016 05:08 PM

 

I think you need to reach out to the security audit team in Stockholm. Niclas Eklund, nieklund@cisco.com might know.

 

 

I know there has been quite a few of those braindead port scanners thrown at it over the years. Maybe some of those reports can be published.

 

 

 

/klacke

 

View solution in original post

0 Helpful
2 REPLIES 2
khgrant
Cisco Employee
Cisco Employee
‎07-07-2016 05:08 PM
‎07-07-2016 05:08 PM

 

I think you need to reach out to the security audit team in Stockholm. Niclas Eklund, nieklund@cisco.com might know.

 

 

I know there has been quite a few of those braindead port scanners thrown at it over the years. Maybe some of those reports can be published.

 

 

 

/klacke

 

0 Helpful
khgrant
Cisco Employee
Cisco Employee
‎07-07-2016 05:09 PM
‎07-07-2016 05:09 PM

 

Hi, yes we had a conversation on this and I summarised this answer for the RFP below Also here is the main dashboard from where you can go to test results http://wwwin-xmet.cisco.com/cgi-bin/ops/tops/xmet/csdlplatformdetails.cgi?r

 

ecord_number=2796

 

 

 

Stefano

 

‹----

 

NSO is developed according to the guidelines of the Cisco Secure Development Lifecycle described here:

 

http://www.cisco.com/c/en/us/about/security-center/security-programs/secure

 

-development-lifecycle.html

 

 

This is a requirement all Cisco software products have to meet.

 

 

The tools we currently use for vulnerability testing are:

 

 

* IBM Security AppScan,

 

* Tenable Network Security Nessus

 

* Codenomicon Defensics

 

 

We¹re not in a position to share the detailed results of the test suites.

 

 

However the cisco policy for vulnerabilities is here:

 

http://www.cisco.com/c/en/us/about/security-center/security-vulnerability-p

 

olicy.html

 

That policy describes how we actively support our customers in case of vulnerabilities.

 

-----

 

Latest Contents
Archived : Idea stage
Created by nivmanoh on 05-22-2018 02:53 AM
1
0
1
0
archive this
Reviewed Idea stage
Created by nivmanoh on 05-22-2018 02:53 AM
1
0
1
0
test the stage
Rejected stage Idea
Created by nivmanoh on 05-22-2018 02:52 AM
1
0
1
0
Test
Delivered stage - the idea
Created by nivmanoh on 05-22-2018 02:39 AM
1
0
1
0
Please test
Achieve the test ideas
Created by nivmanoh on 05-21-2018 11:22 PM
1
0
1
0
modes
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Idea
+ Project Story
Find more resources
Blogs
Documents
Events
Videos
Ideas
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad