Can Mayhem help me implement regulatory and compliance requirements, BSIMM, DCSA, STIG, etc?


Can Mayhem help me implement regulatory and compliance requirements (Risk mgmt framework, BSIMM, DCSA, SDLC, SSDLC, DevSecOps, STIG)?

Mayhem can definitely help with Software Assurance and Compliance. The National Institute of Standards and Technology (NIST) developed the Risk Management Framework (RMF). NIST specifically identifies fuzzing and dynamic analysis as a requirement in NIST SP 800-53 Rev. 5 under SA-11(8). Organizations within DoD have added fuzzing and dynamic analysis to their Software Assurance overlays. Some have incorporated it into their acquisitions process as a requirement in their Contract Data Requirements Lists (CDRLs). In Mayhem, you have the capability to create detailed reports on the targets you have fuzzed. At a higher level, you can see reports that show how much time has been dedicated to fuzzing and how many defects were found.