# Standards and References - Continuous Security Validation with BAS

## BAS Platforms
- SafeBreach: https://www.safebreach.com/
- AttackIQ: https://www.attackiq.com/
- Picus Security: https://www.picussecurity.com/
- Cymulate: https://cymulate.com/
- Pentera: https://pentera.io/
- SCYTHE: https://scythe.io/

## Industry Standards
- **MITRE ATT&CK Framework**: https://attack.mitre.org/
- **Gartner BAS Market Guide**: Breach and Attack Simulation Tools
- **NIST CSF 2.0 DE.CM**: Security Continuous Monitoring
- **CIS Controls v8.1 Control 18**: Penetration Testing

## Gartner Recognition (2024)
- Picus Security: 2024 Customers' Choice for BAS Tools
- Category evolution: BAS -> Adversarial Exposure Validation (2025)

## Key Metrics
| Metric | Description | Target |
|--------|-------------|--------|
| Prevention Rate | % of attacks blocked | > 80% |
| Detection Rate | % of attacks alerted | > 90% (combined) |
| MITRE Coverage | % of techniques tested | > 60% |
| Validation Frequency | How often tests run | Daily/Weekly |