SAST Compliance Standards
Overview
Mend SAST offers several report formats to help you create compliance reports on your application for audits and other inspections. The reports are based on the industry standards outlined in the table below:
List of Standards
| Standard | Industry | Description |
|---|---|---|
| Open Web Application Security Project (OWASP): OWASP Top 10 2017, OWASP Top 10 2021 | All | From the official OWASP website: “The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.” |
| National Institute of Standards and Technology (NIST) | US Government and associated entities | From the official NIST website, their mission is: “To promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.” |
| Common Attack Pattern Enumeration and Classification (CAPEC) | All | From the official CAPEC website: “[CAPEC] provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.” |
| SysAdmin, Audit, Network, and Security (SANS) / Common Weakness Enumeration (CWE) | All | From the official CWE website: “This list demonstrates the currently most common and impactful software weaknesses. Often easy to find and exploit, these can lead to exploitable vulnerabilities that allow adversaries to completely take over a system, steal data, or prevent applications from working.” |
| Health Insurance Portability and Accountability Act (HIPAA) | Healthcare | From the official HIPAA website: “While the HIPAA Privacy Rule safeguards PHI, the Security Rule protects a subset of information covered by the Privacy Rule. This subset is all individually identifiable health information a covered entity creates, receives, maintains, or transmits in electronic form. This information is called electronic protected health information, or e-PHI.” |
| Health Information Trust Alliance (HITRUST) | Healthcare | From the official HITRUST website: “HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks, related assessments, and assurance methodologies.” |
| Payment Card Industry Data Security Standard (PCI DSS) | Finance | From the official PCI SSC website, their mission is: “The PCI SSC mission is to enhance global payment account data security by developing standards and supporting services that drive education, awareness, and effective implementation by stakeholders.” The PCI DSS is a part of the PCI SSC’s governance. |
Compliance Standard CWE Coverage