Every security audit, penetration test, vulnerability scan, performance test, etc. requires approval from CA Technologies before being run.
CA Technologies requires all customers looking to run such tests to create a new support case with CA Technologies Support and provide the following information related to a planned test:
- Planned start and end dates (including times and the related time zone)
- Contact information for the person conducting the test
- Phone number
- Email address
- An estimate of the amount of bandwidth expected to be used during the test
- Tools that will be used for the test, including:
- Specific details of which test mode will be used in the tool
- What values will be set for the test, what parameters will be used
- Why the test is being conducted, what is the expected outcome of the test
- All other relevant information pertaining to the test
CA Technologies will then address the request as soon as possible and will respond with an authorization number and a timeframe for how long the approval is valid.
All requests to run security audits or performance tests against the SaaS infrastructure must be made to CA Technologies Support and approved prior to running any tests. Any unauthorized tests may result in unintended consequences to maintain the security and stability of the infrastructure for all CA Technologies customers.