Foundsecure

This letter confirms that Foundstone, a division of McAfee, Inc., has assessed Caremark’s network environment, specifically 'www.caremark.com', pursuant to the FoundSecure™ Vulnerability Assessment Methodology described in more detail at http://www.foundstone.com/foundsecure. The purpose of the assessment was to review the security posture of Caremark's computer networks to identify potential security vulnerabilities and to help Caremark mitigate its exposure to risk.

Computer security is a relative concept. No computer system connected to the Internet can be completely secure and no amount of testing can disclose all possible vulnerabilities. Accordingly, this Security Posture Statement does not guarantee the complete security of any computer system. However, the FoundSecure assessment is designed to determine whether the computer systems subject to testing are vulnerable to some of the common exploits and penetration methods, and whether the organization and its network administrators have taken proactive measures to monitor, mitigate and manage their exposure to potential security risks on an ongoing basis.

Based on our testing, we are satisfied that as of April 1, 2007, the overall network environment of Caremark, specifically 'www.caremark.com', is maintained in a security-conscious manner. Specifically, we find that Caremark has installed recent updates and patches for vulnerable applications reviewed as part of the FoundSecure assessment; that Caremark's network is not significantly vulnerable to the penetration techniques duplicated in the testing methodology described at http://www.foundstone.com/foundsecure; and that non-essential services known to create excessive security risks are not present on the tested systems.

This letter also verifies that Foundstone will continue to work with Caremark by providing monthly FoundScan™ reviews through March 31, 2008, in order to bring future security risks and vulnerabilities to Caremark's attention in a timely manner and to confirm that Caremark continues to update its network configuration and software to minimize risk. This letter only remains in effect so long as the FoundSecure Seal is displayed on Caremark's web site. Absence of the Seal on Caremark's web site will signify that this Security Posture Statement is no longer in effect. Accordingly, all recipients of this letter should visit Caremark's web site (see links below) and click on the Seal to confirm the validity of the Seal.

Foundstone, a division of McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

This letter was issued on April 1, 2007, and shall be effective until March 31, 2008, unless subsequently revoked.

Visit www.caremark.com to view the FoundSecure seal.

RFP Template

Foundstone has developed this Request for Proposal ("RFP") template to help organizations identify and select a quality security vendor to perform professional services work.
