US flag signifying that this is a United States Federal Government website An official website of the United States government

Penetration test authorization

Penetration test authorization

If you plan to perform a penetration test on your customer applications, please send the following information to cloud.gov support ahead of your planned test:

* Source IPs (for testers and their tools): 
* Start date:  
* End date: 

This request is only necessary for in-depth security testing, which is a common step in agency ATO processes for customer systems. You don’t need to wait for an approval; simply sending the notification is sufficient. You can always run routine vulnerability scans on your own applications without special authorization.