GLBA Compliance

Solutions

Since Veracode code reviews work at the binary level, they can assess risk across mixed code bases. This provides enterprises with an easy and effective way to determine acceptable risk levels for internally or externally developed applications.
– Rhonda MacLean, CISO of Barclays

Veracode Solutions for GLBA Compliance

Achieve GLBA compliance in a simple and cost-effective way through on-demand application security testing.

Forrester on 3rd Party Software Risks

Protecting Against Malicious Backdoors

Datasheets
- GLBA Compliance
Podcasts
- Future of Software Flaws
Whitepapers
- On-Demand Application Security

Veracode GLBA Compliance Solution

The Gramm-Leach-Bliley Act (GLBA) of 1999 is an Act of the United States Congress which repealed the Glass-Steagall Act, opening up competition among banks, securities companies and insurance companies. GLBA includes provisions to protect consumers’ personal financial information held by financial institutions as described in section 501(b) – Financial Institution Safeguards as follows

Ensure the security and confidentiality of customer records and information
Protect against any anticipated threats or hazards to the security or integrity of such records
Protect against unauthorized access or use of such records or information which could result in substantial harm or inconvenience to any customer

As part of its implementation of GLBA, the Federal Trade Commission (FTC) issued the Privacy Rule and the Safeguards Rule, which require financial institutions under its jurisdiction to design, implement and maintain an information security program to protect the privacy and integrity of customer data. Additionally, financial institutions may be subject to GLBA enforcement from seven other authorities depending on their jurisdiction. To simplify interagency enforcement, the Federal Financial Institutions Examination Council (FFIEC), comprised of examiners from many different regulatory bodies tasked with GLBA enforcement, has created an Information Security Handbook and an exhaustive set of tests to assess compliance with GLBA.

Software Security and GLBA

According to Gartner, 75 percent of all new attacks are directed at software applications. With applications controlling access to sensitive customer financial information, application security testing plays a critical role in safeguarding customer data. In fact, the FFIEC has incorporated application security guidelines in its security handbook and advises financial institutions that “information security is a critical part of internally and externally developed software” in its guide to Software Development and Acquisition.

Veracode Helps Financial Institutions Achieve GLBA Compliance

Veracode’s on-demand application security testing solution allows financial institutions to quickly and cost-effectively meet GLBA compliance as part of their overall security program to protect customer information. Independent testing against industry benchmarks allows organizations to demonstrate to auditors that they are compliance with relevant sections of GLBA following the recommended interagency guidelines using the FFIEC Information Security Handbook:

Risk Assessment - Veracode application testing allows organizations to assess risks and vulnerabilities in software that handles private customer information. Learn More...
Information Security Strategy – Implement outsourced security testing with Veracode to obtain greater expertise, range of service and lower costs as part of FFIEC recommended strategies. Learn More…
Security Controls Implementation – Veracode enables financial organizations meet FFIEC requirements for code review, securing software development and acquisition.
Security Monitoring – Comply with requirements for periodic assessments for technical vulnerabilities and penetration testing by an independent organization that specializes in application security testing such as Veracode. Learn More…

Learn more about Veracode’s solutions...

Site Map | Responsible Disclosure Policy | Privacy Policy | Contact Us

Enterprises today have a lot riding on secure application development. Veracode SecurityReview is the world's first automated, on-demand, application security testing solution that uses binary analysis and web application security testing to provide code security analysis. And with no costs for hardware or software or the personnel to manage it, enterprises can achieve software security assessment more cost-effectively.

The Veracode SecurityReview® solution delivers static, dynamic, and manual testing in a single service. Instead of purchasing separate dynamic and static application security assessment software and having to install it, train employees on it, maintain, and upgrade it, Veracode offers a testing solution that is built on the software-as-a-service (SaaS) model.

PCI compliance requires companies to meet application development security standards to protect customer credit card data and account information from hackers or malicious system intrusion. To achieve PCI compliance, businesses must certify that they can develop and deploy secure software applications by ensuring Web applications are not susceptible to common vulnerabilities and that custom application code has been reviewed by independent application security audit experts. For many businesses and merchants around the world, PCI compliance is most effectively and cost-efficiently achieved with Veracode.

As a growing number of cyber security threats are directed at the application layer, software procurement has become a more difficult task. Veracode has developed a first in the software security testing industry—an automated, on-demand, application security testing solution that offers comprehensive acceptance testing with higher accuracy, lower cost, and faster results.

Please access other pages on the Solutions section of our site to learn more about Veracode's approach to code review, security assessment, static analysis, vulnerability scanning, and web security.

Solutions

Datasheets

Podcasts

Whitepapers