This article is part of the new OWASP Testing Guide v4. The OWASP Testing Project has been in development for many years. Interestingly, they estimate that a better testing infrastructure would save more than a third of these costs, or about billion a year. More recently, the links between economics and security have been studied by academic researchers. The group fully understands that not everyone will agree upon all of these decisions.
It was a challenge to obtain consensus and develop content that allowed people to apply the concepts described in the guide, while also enabling them to work in their own environment and culture.
See  for more information about some of these efforts.
The framework described in this document encourages people to measure security throughout the entire development process.
The National Checklist Program Repository recommends the CIS Benchmarks to federal agencies and other organizations trying to meet Federal Information Security Modernization Act (FISMA) compliance.
CIS-CAT Pro, our automated configuration assessment tool, has been validated by the NIST Security Content Automation Protocol (SCAP) to audit systems subject to FISMA requirements in the following categories: See our SCAP validation.