Beyond Security's beSTORM Receives Recognition As Communication Robustness Testing Tool For Use In ISASecure Cybersecurity Certification Program

The ISA Security Compliance Institute (ISCI) announced recently that the beSTORM software security testing tool from Beyond Security has been formally recognized for official use by certification bodies in the ISASecure industrial automation and control system (IACS) cybersecurity certification program.

Communication Robustness Testing (CRT) is one of four dimensions of embedded device certification. CRT tools are also used for network stress testing during system level certifications. With this recognition, Beyond Security joins the growing list of cybersecurity organizations supporting the ISASecure certification scheme.

beSTORM is a commercial, black box, intelligent fuzzer that performs dynamic security testing of products in development and can be used by network administrators to certify the security of networked applications before deployment. Software QA departments that may be using a dozen different tools to test application security can now get all dynamic security testing done with just one. Administrators who must certify applications before deployment can now use a single tool to test all networked applications—even those with proprietary protocols.

ISCI publishes CRT test tool recognition requirements for evaluating CRT test tools submitted by suppliers for use in the ISASecure certification program. CRT test tools that have been formally recognized by ISCI may be used by ISASecure certification bodies for use in the CRT portion of the ISASecure EDSA and ISASecure SSA certifications.

The ISASecure tool recognition process confirms that the product’s test suites meet the ISASecure CRT requirements and are capable of consistently executing ISASecure certification tests.

ISCI recomends that suppliers use ISCI-recognized CRT test tools during the product development and testing phases to identify and correct network-based security vulnerabilities. Using recognized CRT tools during the development process also aids suppliers in preparing for the formal ISASecure EDSA certification assessment.

The beSTORM Test tool registration and certificate can be viewed on the ISCI web site (www.isasecure.org).

"We are pleased that the Beyond Secuity team has presented beSTORM for recognition as an ISASecure CRT testing tool," said Andre Ristaino, ISCI Managing Director. “It requires a long-term commitment to the ISASecure global certification scheme, and we’re happy to have beSTORM recognized and on board.”

About Beyond Security and beSTORM
Beyond Security's solutions, AVDS and beSTORM, accurately assess and help resolve security weaknesses in networks, web applications, industrial systems and networked software. We help businesses and governments simplify and improve the accuracy of their network and application security testing and thus reduce their vulnerability to attack and data loss. Our product lines, AVDS (network and web application vulnerability assessment) and beSTORM (software security testing), will help you secure your network and applications, comply with your own security policy requirements and exceed industry and government security standards.

beSTORM performs comprehensive dynamic security analysis on any software. It will discover security vulnerabilities without access to source code. beSTORM tests any protocol, even those used in process control and aerospace applications.

About The ISA Security Compliance Institute (ISCI)
Founded in 2007, the ISA Security Compliance Institute’s mission is to provide the highest level of assurance possible for the cyber security of industrial automation control systems (IACS).

The Institute was established by thought leaders from major organizations in the industrial automation controls community seeking to improve the cyber security posture of critical Infrastructure for generations to come. ISCI Members include Chevron, ExxonMobil, Aramco Services, Honeywell, Invensys (now Schneider Electric), Yokogawa, exida, Codenomicon, CSSC, and IPA-Japan.

The Institute’s goals are realized through industry standards compliance programs, education, technical support, and improvements in suppliers’ development processes and users’ life cycle management practices. The ISASecure designation ensures that IACS products conform to industry consensus cyber security standards such as ISA/IEC 62443, providing confidence to users of ISASecure products and systems and creating product differentiation for suppliers conforming to the ISASecure specification.