After Submitting an Assessment
An email notification will be sent to the email used to log into the CASA portal when results are ready for review. Once verification results have been determined, specialists will explain the output and any remediation required.
There are broadly three result outcomes:
-
Remediation required, or
-
CASA Tier 2 passed
-
CASA Tier 2 failed
If remediation is required, CASA specialists will provide remediation guidance directly viewable in the results dashboard. For any follow-ups or near-time support, the specialists can be reached using the "Messages" feature within the CASA portal.
If the app passed CASA Tier 2 verification, congratulations!
Applications only fail CASA Tier 2 verification if 3P developers: (1) fail to meet the deadline for completion, or (2) acknowledge nonconformity with CASA requirements and choose to forego verification.
Understand Your Results
CASA specialists will review any failed requirements and bucket them according to thematic findings and CWE ranking. The ultimate result of a CASA will be based on these failed CWEs.
Flip Your Bits
You will be able to view assessment results and address any requirements directly within the portal.
CASA specialists will provide recommendations and hands-on support for any failed requirements, based on OWASP best practices.
Follow the provided guidance to remediate any requirements and resubmit your CASA with updated responses.
If the assessment was passed, you will receive a Letter of Validation (LOV)