Log in links for this page

Penetration Testing Services

Assist with Penetration Testing Services including scoping of effort and assistance in identifying an appropriate vendor(s)

EOTSS End User and IT Service Support

Phone

Support for Commonwealth end users and IT support personnel

The Details   of Penetration Testing Services

Features   for Penetration Testing Services

A Penetration Test is an attempt to evaluate the security of IT infrastructure or an application by safely trying to exploit vulnerabilities.  Penetration Tests are performed using manual or automated technologies to systematically compromise a single vulnerability risk, such as, SQL Injections or Cross Site Scripting (XSS).

Pricing   for Penetration Testing Services

Price varies depending on scope and vendor.

How to request   Penetration Testing Services

Designated Security Officers (DSOs) ONLY - will request on behalf of Commonwealth employees and their authorized business partners, whether or not currently supported by EOTSS.

Request service via a ServiceNow request

Service Level Expectation (SLE)   for Penetration Testing Services

Penetration Testing Services

SLEResponsibilities/Dependencies

Fulfillment: 80% within 1 month

Customer

  • Responsible for adhering to the EOTSS Standard Rules of Engagement.
  • Provide EOTSS and assigned vendor required testing timelines and availability during intake.
  • Sharing complete requirements will ensure that accurate SLEs are provided and met.
  • Penetration Testing start time is dependent on customer availability and timeline.

EOTSS

  • Responsible for assisting with Penetration Testing Services, including scoping of effort.

Vendor

  • Responsible for conducting and completing the Penetration Test.
  • Responsible for coordinating with the customer on availability and timelines.
  • Time to complete Penetration Testing is dependent on vendor availability. 

Policies   for Penetration Testing Services

Contact   for Penetration Testing Services

Help Us Improve Mass.gov  with your feedback

Please do not include personal or contact information.
Feedback