Vulnerability Assessment. The supplier must use commercial products or freeware (e.g., Nessus) for vulnerability assessment and/or penetration testing of the segment(s) on which servers hosting Symantec information are logically located. The supplier must specify the name and version of the network-based vulnerability assessment tool(s) used. The supplier must conduct vulnerability assessment and/or penetration testing at least twice a year. The supplier must submit the vulnerability assessment and/or penetration testing report(s) to Symantec’s Information Security upon request. The supplier must agree to Symantec-conducted vulnerability assessment scans of the portion of its extranet to be used to service Symantec.
Appears in 2 contracts
Sources: Symantec Online Store Agreement (Digital River Inc /De), Symantec Online Store Agreement (Symantec Corp)