DigiD Pentesting for Compliance
Stay DigiD compliant with a thorough pentest. Cyver delivers fast, insightful testing of your implementation, application, and infrastructure to help you find and remediate vulnerabilities. Our Dutch team will thoroughly investigate your implementation and submit a pentest report mapped to the DigiD Standards Framework 2.0 to help you meet your ENSIA Audit obligations.
Do I Need a DigiD Assessment?
Any organization using the Dutch Digital Personal Identification (DigiD) is obligated to perform a yearly ICT security assessment and audit, ENSIA. This includes a pentest of all implementations and infrastructure or a relevant TPM statement from your software provider. Logius sets the DigiD security standard based on guidelines from the Ministry of the Interior and Kingdom Relations, in consultation with NOREA, the National Audit Service, and the NCSC.
In addition to the annual pentest, you’re required to perform periodic scans and pentesting at any point where you make significant changes to assets, properties, or forms impacting your DigiD implementation.
What’s Included in a DigiD Pentest?
Cyver performs DigiD pentests according to the Logius DigiD Standards Framework v2.0, a subset of the NCSC Norms. We utilize the OWASP Testing Guide and ASVS (OWASP Application Security Verification Standard) for our DigiD assessments. This includes greybox testing, with scope set to include all assets impacting DigiD, as well as any custom forms or components integrated into DigiD.
Our compliance partner, Inergy, provides necessary TPM statements.
Request a Free DigiD Sample Report
Request a free sample report to see how Cyver delivers pentest reports for DigiD compliance. We’ll onboard you to our platform, where you can see and interact with sample findings as tickets, compliance data, and the full pentest report.
Cyver delivers a DigiD pentesting solution centered around remediation. Our assessments are conducted from our Amsterdam office, in conjunction with BZK standards. Vulnerability findings are delivered as tickets, so your teams can collaborate with our pentesters on remediation, request retests, and generate audit-ready reports with updated finding status. Plus, with Pentest-as-a-Service, you can schedule next year's pentest now, to ensure you stay compliant.
The 60,000 businesses using DigiD are required to submit DigiD audits to Logius by May 1, with all vulnerabilities resolved. Cyver uses real-time communication and a large network of pentesters so we can test fast. Plus, retesting is free, so you get your DigiD pentest report ASAP at no extra cost.
Your Pentest Platform
From onboarding to scheduling ongoing pentests, Cyver is here to make your pentest processes better. We deliver full access to a cloud Security Dashboard, where you can request assessments, see findings in real-time, track findings and proof-of-concept files in one secure place, and automatically assign findings to developers. Our cloud platform delivers findings as tickets, risk analysis, reports, and security metrics. We make pentest reports modern, digital, and actionable.
Meeting DigiD Compliance with Pentesting
ENSIA audits are obligatory for any organization using DigiD. But what does compliance entail? And why do you need pentesting to stay DigiD compliant? Download our free whitepaper to see what's involved in your yearly compliance assessment, what pentesting entails for your organization, and how Cyver can help.
We are here to help
What Is Pentest-as-a-Service?
Pentest-as-a-Service combines our human expertise and insight with the convenience of cloud apps and findings-as-tickets. We organize pentests in our cloud platform, Cyver Core, and deliver pentest reports with tickets, so developers and compliance officers can remediate right away. Plus, we offer free insight tooling, so you can see remediation times, risk profiles, and even areas of risk.
When Can You Start?
In most cases, we can start your pentest within 2 weeks. In some cases, we can finalize and deliver your pentest during that time. However, pentest duration depends on the scope of the pentest, your assets, and environments.
Cyver leverages a network of pentesters, allowing us to quickly scale to meet demand. When you need expert pentesters, we can help, and quickly. If you want a quote based on your specific needs and assets, book a demo now for a one-on-one conversation.
How Much Do You Charge for a Pentest?
Cyver uses a credit system to charge a flat rate for our pentests. That means costs are always transparent and you always know what you're paying for. Currently, we charge €299 per pentest credit. Pentests range from 2 credits for a simple 1-website test to well over 40 credits for a large and complex system. Visit our pricing page for more information.
What Does the Platform Look Like?
Visit our How it Works page to see Cyver in action. Or, schedule a demo to see it live. Our platform, Cyver Core, allows you to onboard your full team, assign responsibilities, and see findings in real time. When we deliver the report, you can export it to a PDF or process it as tickets, linked to tooling like Jira, for faster remediation.