The Motion Picture Association (MPA) supports content creators throughout the production lifecycle by publishing comprehensive Content Security Best Practices on behalf of its member companies: Netflix Studios, LLC; Paramount Pictures Corporation; Sony Pictures Entertainment Inc.; Universal City Studios LLC; Walt Disney Studios Motion Pictures; and Warner Bros. Discovery Inc. These Best Practices, managed and updated by the MPA’s TPN program with input from various industry stakeholders, establish minimum-security preparedness benchmarks for the Media and Entertainment industry. The following requirements outline the necessary controls to protect content throughout the production, post-production, and distribution workflows. The list of technical security requirements is extensive; however, Attack Vector can assist specifically with penetration testing and vulnerability scanning, as detailed below.
Penetration Testing
Annual penetration testing of all external IP ranges, hosts, web applications, and APIs is required. Testing should be conducted by an independent third party or internal red team. A remediation plan should be developed and implemented for identified issues. Penetration testing should also be performed after any major application or infrastructure change.
Vulnerability Scanning
Monthly vulnerability scans are required for external IP ranges and hosts. Quarterly authenticated scans are required for internal IP ranges, hosts, virtual machines, and containers. Scans should also cover production and non-production networks, as well as APIs. Remediation plans should be in place for all discovered vulnerabilities. Vulnerability scans should be performed after major application or infrastructure changes. This complements penetration testing by providing regular checks for known vulnerabilities.
Attack Vector offers affordable and tailored penetration testing and vulnerability scanning services designed to meet these specific requirements, ensuring robust security for your valuable content and infrastructure.