Hacker News

tptacek today at 2:27 PM

As is the case with SOC2, the "vulnerability scan" requirement here is likely to be meaningless; any automated process that can plausibly be described as instrumental in finding some kind of vulnerability is a "vulnerability scan", so all you have to do is run nmap.


Replies

john_strinlai today at 2:49 PM

They have comment/request-for-information sessions for HIPAA rule proposals, in which your input would be valued.

dgellow today at 2:35 PM

If it is like SOC2, I would expect respected auditors to reject that.

jasonlotito today at 4:18 PM

> so all you have to do is run nmap.

This is ignorance at best. No one who has ever actually had to do SOC2 compliance legitimately has just run nmap and been done with that.
