NIST Penetration Testing Providers
National Institute of Standards and Technology SP 800-115 · Published by National Institute of Standards and Technology
NIST Special Publication 800-115, the Technical Guide to Information Security Testing and Assessment, provides a structured methodology for planning and conducting security assessments developed by the United States National Institute of Standards and Technology. This publication establishes a framework for organisations to evaluate the effectiveness of their security controls through testing techniques including vulnerability scanning, penetration testing, and social engineering.
NIST SP 800-115 defines four phases of security testing: planning, discovery, attack, and reporting. The planning phase covers scope definition, rules of engagement, and approval processes. The discovery phase includes information gathering, vulnerability scanning, and analysis. The attack phase covers exploitation, privilege escalation, and lateral movement. The reporting phase defines how findings should be documented, prioritised, and communicated to stakeholders.
As a US government publication, NIST SP 800-115 is authoritative for federal agencies and contractors, and is widely referenced in private sector security testing programmes. It aligns with the broader NIST Cybersecurity Framework (CSF) and NIST SP 800-53 security controls, making it particularly relevant for organisations that use NIST as their primary security framework. The methodology's emphasis on thorough planning and clear reporting makes it a strong foundation for regulatory-driven penetration testing programmes.
Key Features
- Four-phase testing framework
- US government authoritative standard
- Aligns with NIST CSF and SP 800-53
- Covers planning through reporting
- Social engineering testing guidance
Best For
- US federal agency testing
- FedRAMP assessments
- CMMC compliance
- NIST CSF aligned organisations
- Regulatory-driven testing programmes
Providers using NIST (18)
SECFORCE
Leading UK offensive security consultancy based in Canary Wharf, delivering CREST-accredited penetration testing and adversary simulation to organisations with the most demanding security requirements.
NetSPI
Leading penetration testing firm with the Resolve platform for continuous attack surface management, trusted by nine of the top ten US banks.
Trustwave
Global managed security provider with the elite SpiderLabs penetration testing team and deep PCI DSS compliance expertise.
Bridewell
Fast-growing CREST and CHECK-accredited UK cybersecurity consultancy with deep expertise in critical national infrastructure sectors.
Mandiant
World-renowned cybersecurity firm now part of Google Cloud, delivering threat intelligence-led penetration testing and red teaming informed by front-line incident response experience.
Bishop Fox
Premier US-based offensive security firm known for elite penetration testers, cutting-edge research, and the Cosmos continuous attack surface management platform.
Rapid7
Creators of Metasploit offering enterprise penetration testing integrated with their comprehensive vulnerability management and security operations platform.
Coalfire
Compliance-focused cybersecurity advisory firm and FedRAMP 3PAO specializing in penetration testing that meets stringent regulatory requirements.
Black Hills Information Security
Community-driven penetration testing firm known for free security education, open-source tools, Wild West Hackin' Fest, and practical offensive security services.
CrowdStrike
Global cybersecurity leader leveraging world-class threat intelligence from the Falcon platform to deliver intelligence-led penetration testing and red teaming.
IOActive
Elite boutique security consultancy specializing in IoT, SCADA/ICS, embedded systems, and hardware security research with world-renowned researchers.
Secureworks
Dell Technologies-backed cybersecurity firm with elite Counter Threat Unit intelligence informing enterprise penetration testing and adversary simulation.
Rhino Security Labs
Cloud security penetration testing specialists known for the Pacu AWS exploitation framework and deep expertise across AWS, Azure, and GCP environments.
Praetorian
Offensive security firm founded by former DoD professionals, offering elite penetration testing and the Chariot continuous attack surface management platform.
Synack
FedRAMP-authorized crowdsourced penetration testing platform combining vetted elite hackers with AI-powered Hydra technology for continuous security testing.
Aon Cyber Solutions
Cybersecurity consulting division of global insurance leader Aon, uniquely combining penetration testing with cyber risk quantification and insurance expertise.
Securin
Vulnerability intelligence-driven penetration testing firm providing contextual security assessments informed by threat actor exploitation data and ransomware tracking.
BreachLock
Cloud-based Penetration Testing as a Service platform combining AI-driven automation with expert manual testing at accessible price points.
NIST FAQs
Is NIST SP 800-115 mandatory for US federal agencies?
While not universally mandatory, NIST SP 800-115 is the authoritative technical guide for federal security testing and is widely adopted across US government agencies and their contractors. FedRAMP and CMMC reference NIST testing standards.
How does NIST SP 800-115 relate to the NIST Cybersecurity Framework?
SP 800-115 provides the technical testing methodology that supports the NIST CSF's Identify and Protect functions. It helps organisations assess whether the security controls defined by NIST SP 800-53 are effectively implemented.
Can non-US organisations use NIST testing methodology?
Absolutely. While developed for US government use, NIST SP 800-115 is freely available and widely adopted internationally. Many organisations outside the US use it alongside other frameworks like OWASP and PTES.