Welcome to the TRaViS EASM (External Attack Surface Management) Security Policy and Compliance Manual. This document outlines how TRaViS, a cloud-based Software-as-a-Service (SaaS) platform, aligns with recognized security standards such as OWASP (Open Web Application Security Project), NIST (National Institute of Standards and Technology), and GDPR (General Data Protection Regulation), among others. It provides compliance officers, legal teams, and security auditors with guidelines to ensure adherence to regulatory requirements during scans, data handling, and reporting. TRaViS’s role is to help organizations identify and mitigate risks to their external attack surface while maintaining compliance with applicable laws and standards.
Purpose
This manual outlines how TRaViS aligns with security standards and provides guidelines for:
- Managing sensitive data (e.g., darknet intelligence, SAST results) responsibly.
- Ensuring legal and ethical compliance during scanning activities.
- Generating compliance reports using TRaViS’s export tools.
- Maintaining audit trails for regulatory oversight.
- Responding to compliance breaches effectively.
Target Audience
- Compliance Officers: Responsible for ensuring organizational adherence to regulations.
- Legal Teams: Oversee legal implications and contractual obligations.
- Security Auditors: Verify compliance with standards during audits.
