Automated vulnerability scans are required for Tier 2 verification. Select your scanning tools below to determine which CWEs should be loaded into scan policies, and which CWEs must be remediated to qualify for verification.
Go here for more details on what scans are required for your app, and for a step-by-step application scanning guide.
Go here for information on our highly recommended tools, which are preconfigured for CASA compliance.
CASA requirements depend on the type of application in scope for verification. Select your application type below to highlight which requirements are in scope for your app.
(1) Select your app type
(2) Select existing certs
(3) Select scanning tool(s)
Overview
Not sure what your application type is? Go here
You can eliminate redundant testing if you can provide the assessor with valid certifications or independently audited framework compliance artifacts.
Go here for more details on what is required for verification.
Your Tier 2 CASA
Based on your selections above, the table below shows which validation methods will be used to satisfy CASA requirements in scope for your Tier 2 self-verification.
What is required to pass self-verification?
> No failed CWEs in your scan results.
> Verification of conformance to non-functional CASA requirements, validated through a self-attestation survey.
Reminder: CASA recommended tools have pre-built configuration files that contain all required CWEs. Follow instructions in the scanning guide for how to use these tools.
For developers using alternative scanning tools, all CWEs mapped to DAST and SAST below will need to be configured into scanning policies for the respective scan types.
NOTE: It is highly recommended that developers using custom vulnerability scanning tools export this table into a machine-readable format (like Google Sheets) to assist with configuring vulnerability scanning policies and remediating findings. Export the table below following the instructions provided here.
What's next?
The CASA Tier 2 Accelerator provides the developer with a tool that:
(1) minimizes the required checks depending on the developer's current valid certifications
(2) clearly shows developers what requirements are in scope for a given application
(3) provides comprehensive guidance for vulnerability scanning options and requirements
Navigate the 3 steps below and provide inputs to the dashboard controls for a customized export of CASA requirements and how they will be validated for your application.
CASA Tier 2 Accelerator
Check out the recent update to the CASA requirements