This letter confirms that Foundstone, a division of McAfee, Inc. has assessed State National’s network environment pursuant to the FoundSecure™ Vulnerability Assessment Methodology described in more detail at http://www.mcafee.com/foundsecure. The purpose of the assessment was to review the security posture of State National's computer networks to identify potential security vulnerabilities and to help State National mitigate its exposure to risk.
As you know, computer security is a relative concept. No computer system connected to the Internet can be completely secure and no amount of testing can disclose all possible vulnerabilities. Accordingly, this Security Posture Statement does not guarantee the complete security of any computer system. However, the FoundSecure assessment is designed to determine whether the computer systems subject to testing are vulnerable to some of the common exploits and penetration methods, and whether the organization and its network administrators have taken proactive measures to monitor, mitigate and manage their exposure to potential security risks on an ongoing basis.
Based on our testing, we are satisfied that as of December 31, 2014, the overall network environment of State National is maintained in a security-conscious manner. Specifically, we find that State National has installed recent updates and patches for vulnerable applications reviewed as part of the FoundSecure assessment; State National's network is not significantly vulnerable to the penetration techniques duplicated in the testing methodology described at http://www.mcafee.com/foundsecure, and that non-essential services known to create excessive security risks are not present on the tested systems. This letter also verifies that Foundstone will continue to work with State National by providing monthly FoundScan™ reviews through December 31, 2014, in order to bring future security risks and vulnerabilities to State National's attention in a timely manner and to confirm that State National continues to update its network configuration and software to minimize risk. This letter only remains in effect so long as the FoundSecure Seal is displayed on State National's web site. Absence of the Seal in State National's web site will signify that this Secure Posture Statement is no longer in effect. Accordingly, all recipients of this letter should visit State National's web site (see links below) and click on the Seal to confirm the validity of the Seal.
Foundstone, a division of McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
This letter was issued on January 1, 2015, and shall be effective until December 31, 2015, unless subsequently revoked.
Visit www.statenational.com to view the FoundSecure seal.