AVDS Standards Compliance Partners

AVDS will help you comply with all network security standards.

AVDS delivers reporting accepted by the following standards bodies.

Beyond Security's Vulnerability Assessment product line, AVDS, helps companies and governments all over the world achieve excellence in network security testing and comply with the following standards.

AVDS scanning and reporting complies with all of the following network security standard requirements.

Standards Partners


BASEL II is officially known as the International Convergence of Capital Measurement and Capital Standards. It is a framework established by the Basel committee, a consortium of Central Governing Banks from several countries. The applicable framework for information security in order to meet Basel II in the U.S. is the FFIEC Information Security Booklet (2003).

AVDS Vulnerability Assessment is a vital component of any Basel II compliance project.

Link: http://msdn.microsoft.com/en-us/library/aa480484.aspx#regcompliance_demystified_topic7


CVE's (Common Vulnerability Enumeration) common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.

AVDS is CVE compliant and includes CVE identifiers in its vulnerability reports.

Link: http://cve.mitre.org/


CVSS is a vulnerability scoring system designed to provide an open and standardized method for rating IT vulnerabilities. CVSS helps organizations prioritize and coordinate a joint response to security vulnerabilities by communicating the base, temporal and environmental properties of a vulnerability.

AVDS incorporates the CVSS standard method of describing the severity of vulnerabilities.

Link: http://www.first.org/cvss


The HIPAA (Health Insurance Portability and Accountability Act) Security Rule sets US standards for the security of electronically stored health information. Healthcare information handlers must implement electronic measures, including vulnerability assessment, to ensure that health care information is not improperly accessed, altered or destroyed.

AVDS provides reports that assist compliance with HIPAA standards.

Link: http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html


ISO/IEC 27001 formally specifies a management system that is intended to bring information security under explicit management control. Being a formal specification means that it mandates specific requirements. ISO/IEC 27002 provides best practice recommendations on information security management for use by those responsible for initiating, implementing or maintaining Information Security Management Systems (ISMS).

ISO 27001 and ISO 27002 compliance is simplified by AVDS and its ease of use and automated functionality.

Link: http://www.iso.org/



Information and Communication Technology (ICT) security standards have been established by the International Telecommunications Union Telecommunications Standardization Sector (ITU-T). Activities include: developing and maintaining security outreach material; coordination of security-related work; and identification of needs and assignment and prioritization of work to encourage timely development of telecommunication security Recommendations.

AVDS is used by some of the largest telecommunications companies in the world to establish secure networks. beSTORM is used by developers of mobile handsets and applications to find and fix security weaknesses prior to release.

Link: http://www.itu.int/en/ITU-T/studygroups/com17/Pages/telesecurity.aspx



AVDS Vulnerability Assessment and NERC-CIP

Link: http://www.nerc.com/pa/CI/Comp/Pages/default.aspx


The Open Source Security Testing Methodology Manual (OSSTMM) is a peer-reviewed methodology for performing security tests and metrics. The OSSTMM test cases are divided into five channels.

AVDS is appropriate for testing information and data controls, computer and telecommunications networks, wireless devices and mobile devices.

Link: http://www.isecom.org/research/


The Open Web Application Security Project (OWASP) is a 501(c)(3) not-for-profit worldwide charitable organization focused on improving the security of application software. OWASP stands for informed security decisions based on a solid, comprehensive understanding of the business risk associated with an application. The OWASP Foundation does not support, advocate, or recommend any particular product or technology.

AVDS web application scanning features can assist in compliance with OWASP Published Standards.

Link: https://www.owasp.org


The Payment Card Industry (PCI) has established a Data Security Standard (DSS) to provide clear policies for the safe collection, transmission and storage of credit card data. An Approved Scanning Vendor (ASV) is a company which has been tested by the Security Standards Council and found qualified to provide security testing of the web applications and supporting equipment that handles credit card information.

Beyond Security is an Approved Scanning Vendor and provides PCI scanning services.

Link: https://www.pcisecuritystandards.org/approved_companies_providers/approved_scanning_vendors.php


SANS is the most trusted and by far the largest source for information security training and security certification in the world. The Twenty Critical Security Controls have already begun to transform security in government agencies and other large enterprises by focusing their spending on the key controls that block known attacks and find the ones that get through.

AVDS addresses the following critical controls:

  • Inventory of Devices
  • Secure Configurations
  • Application Software Security
  • Continuous Vulnerability Assessment

Link: http://www.sans.org/critical-security-controls/


The Sarbanes-Oxley Act of 2002 (SoX) includes legal requirements for data accuracy and accountability. Section 404 of the Sarbanes-Oxley Act mandates that all publicly-traded organizations must demonstrate due diligence in the security and disclosure of financial information. They must implement internal controls and procedures to communicate, store and protect that data. They must protect these controls from internal and external threats and unauthorized access, including those that could occur through online systems and networks.

AVDS provides enterprise-level vulnerability assessment and management, a vital component of data security and specifically required by SoX.

Link: http://www.sox-online.com/43-2/