Last updated at Fri, 12 Jan 2024 14:57:37 GMT

If you're working in IT security in U.S. federal government, chances are that you have to comply with the Federal Information Security Management Act of 2002 (FISMA). With Metasploit Pro, you can generate FISMA compliance reports that map penetration testing findings to controls, as recommended by Special Publication 800-53a (Appendix G) published by the National Institute of Standards and Technology (NIST) and by Consensus Audit Guidelines issued by a number of constituents including NIST and federal agencies such as the DoD and DHS.

Reports can be generated in PDF, RTF, XML and HTML formats. I've attached sample copies of all file formats to this blog post.

Here's a snipped from a recent webinar showing how easy it is to generate a FISMA report:

Note: This video is an excerpt from the webinar about Metasploit 4.1 entitled “What's new with Metasploit? HD Moore's personal tour of the next product version”.