IT-CNP, Inc. is committed to protecting the security of our customers' data. As part of our commitment to security, we are establishing a public disclosure program in alignment with the National Institute of Standards and Technology (NIST) Special Publication 800-53 Security and Privacy Controls for Information Systems and Organization RA-5(11) security requirements.
Under this program, we encourage security researchers to report vulnerabilities in our systems and products to us. Through this program our security team will investigate all reported vulnerabilities and take appropriate action to remediate them.
The NIST RA-5(11) security requirement is based on the following principles:
- Security researchers play a vital role in helping organizations to identify and fix vulnerabilities.
- Organizations should make it easy for security researchers to report vulnerabilities.
- Organizations should respond to vulnerability reports in a timely and responsible manner.
We are committed to meeting the NIST RA-5(11) security requirement by establishing a public disclosure program that is easy to use and that responds to vulnerability reports in a timely and responsible manner.
To report a vulnerability to us, please use our public disclosure program email address: VulnerabilitiesReporting@IT-CNP.com
We appreciate the help of security researchers in keeping our systems and products secure. We are committed to working with security researchers to responsibly disclose and remediate vulnerabilities.
Our public disclosure program offers a number of benefits, including;
- Increased security: Our public disclosure program helps us to identify and fix vulnerabilities in our systems and products before they can be exploited by attackers.
- Improved trust: Our public disclosure program demonstrates our commitment to transparency and security.
- Stronger relationships with security researchers: Our public disclosure program helps us to build stronger relationships with security researchers.
We encourage all security researchers to participate in our public disclosure program. By working together, we can make our systems and products more secure.