Bishop Fox named “Leader” in 2024 GigaOm Radar for Attack Surface Management. Read the Report ›

Cybersecurity Compliance and Frameworks

Compliance Penetration Testing

The journey to “Forward Defense” inevitably requires a pit stop for compliance. Bishop Fox's Compliance Penetration Testing satisfies the security testing requirements found in common frameworks and regulatory compliance mandates. Approach your auditors with confidence while identifying risky exposures and receiving valuable guidance to help you stay ahead of the threat landscape.  

Information Security Regulations

Penetration Testing Requirements Covered by Bishop Fox


The Payment Card Industry Data Security Standard (PCI DSS) requires penetration testing at least annually and upon any significant environment changes. This can include external and internal network testing, cloud testing, or application testing approaches depending on architecture. Requirements state penetration testing should be performed.


The Health Insurance Portability and Accountability Act (HIPAA) mandates that security measures are in place for protected health information (PHI) data. Depending on network architecture, regular network, cloud, and application penetration testing are critical for evaluating how an organization adheres to the strict privacy, security, and breach notification rules of HIPAA.


SOC 2 is a common security framework that specifies how organizations should protect customer data. Though technically not a requirement to pass a SOC 2 audit, Penetration testing is a common step towards achieving SOC 2 compliance, as it touches on many of the trust service principal that the evaluation is based on.

ISO 27001

ISO 27001 covers the management of information security risks, policies, objectives, roles, responsibilities, and more. This standard mandates management of technical vulnerabilities and system security testing to identify and mitigate vulnerabilities in information security systems, which can be satisfied by network, cloud, and application penetration testing.


The General Data Protection Regulation (GDPR) is an EU regulation that concerns data protection and privacy for EU citizens. Article 32 of the GDPR requires organizations to have a process for regularly assessing and evaluating the effectiveness of data security measures. Regular network, cloud, and/or application penetration testing satisfies this requirement.


Many organizations voluntarily leverage the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) as an anchor to their security program. Regular network, cloud, and/or application penetration testing are extremely useful in strategically contributing to the five core NIST functions of identify, protect, detect, respond, and recover.


The Open Worldwide Application Security Project (OWASP) is one of the preeminent non-profit resources in the domain of software security. The OWASP Application Security Verification Standard (ASVS) and the OWASP Top Ten are commonly used standards that customers desire and Bishop Fox can execute on during application and/or cloud penetration testing services.


CREST is an international, not-for-profit, membership body representing the cybersecurity industry. It requires members to undergo a rigorous accreditation that holds operating standards, personnel, testing approaches, and data security to the highest standard. Bishop Fox is a CREST-accredited service provider.

World-Class Expertise

Offensive Security Expertise & Customer Service

Compliance doesn’t have to be painful and shouldn’t just “check the box”. In the past 18+ years we’ve added value to the governance, risk, and compliance programs of some of the world’s leading organizations and most valuable brands.

NPS Icon

86 Our “world-class” NPS Score

Icon Projects Dark BG B

16K+ Projects completed in the last 3 years

Icon Fortune 100 Co Dark BG

26 Of the Fortune 100


We're proud to work with the brands you love to protect your data and privacy.

White Coinbase logo on network application security services page.
White Workplace logo on network security page.
White John Deere logo for network security case study.
Parrot logo for application penetration testing security case study.
White Sonos logo on ioXt certification page. Sonos Makes Secure Moves with Bishop Fox.
White Zoom logo for application security services case study.


Bishop Fox Services for Compliance

Network Penetration Testing

External and internal penetration testing services to satisfy compliance requirements for data that exists in on-premise environments.

Cloud Penetration Testing

Cloud security testing services to satisfy compliance requirements for data hosted in AWS, Azure, GCP, and Kubernetes.

Application Penetration Testing

Application security testing services to satisfy compliance requirements for data hosted and processed by web applications.

Continuous Testing

Out-pace modern attackers and swiftly remediate your exposures while addressing common penetration testing and vulnerability management compliance requirements.

Cloud Application Security Assessment (CASA)

Bishop Fox is an App Defense Alliance (ADA) authorized assessor. Test your applications and ensure the security of user data while receiving your CASA letter of assessment.

PCI Approved Scanning Vendor (ASV)

Bishop Fox is a PCI DSS approved scanning vendor (ASV). Satisfy your PCI 11.2.2 quarterly external vulnerability scanning requirements with confidence. Available as an add-on. 


We're proud to be recognized as the leader in offensive security — and a great place to work!

Gigaom Radar Award badge 2024 for the Attack Surface Managment leader.
GigaOm radar report 2024 badge for fast mover.
Global Infosec Awards Winner 2023
Bishop Fox winner of the 2021 SC award for best emerging technology.
Bishop Fox winner of the Stevie Silver Awards 2022.
FastCompany Logo on yellow background with Best Workplaces for Innovators 2022 award

Are you ready? Start defending forward.

We'd love to chat about your offensive security needs. We can help you determine the best solutions for your organization and accelerate your journey to defending forward.

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.