Trusted Partner Network (TPN) compliance

What is the Trusted Partner Network?

The Trusted Partner Network is a security initiative established by the Motion Picture Association (MPA). The TPN publishes the MPA Content Security Best Practices and registers compliant vendors as trusted partners. The TPN was established to improve security among vendors working in the entertainment industry and protect valuable content.

MPA vulnerability scanning best practices

The MPA Best Practices v5.0 documentation describes the best practices and guidelines for vulnerability management. Specific to vulnerability scanning is control TS-25, which states:

Best Practices

Establish and regularly review a process and policy for Vulnerability Management, including vulnerability scans for both internal and external networks, cloud deployments, and virtual machines/containers, to include the following:

  • For external IP ranges and hosts, perform scans monthly at a minimum
  • For internal IP ranges and hosts, perform scans quarterly at a minimum
  • Investigate and have a remediation plan for issues
  • Perform a vulnerability scan after any major application or cloud infrastructure change
  • Apply internal scan to WFH/remote worker endpoints where possible

Also scan the following if applicable:

  • Production networks
  • Non-Production networks
  • Application Programming Interfaces (APIs)

Implementation Guidelines

Recommend implementing the following:

  • Investigate and have a remediation plan for critical issues within 48 hours
  • Authenticated and unauthenticated scanning
  • Leverage Open Web Application Security Project (OWASP)

Highlighted HostedScan Features

HostedScan provides automated vulnerability scanners and vulnerability management tools, which can help you achieve and maintain TPN compliance.

External IP and network vulnerability scanner, powered by OpenVAS

Web application and API vulnerability scanners, powered by OWASP ZAP

Authenticated scanning

Automated recurring scanning on a monthly, weekly, or daily schedule

Email alerts for any new findings

Reports and dashboard for vulnerability management and tracking remediation

Trusted by these companies and 1000s more

BbAmericas
Porsche
ExpediaGroup
WeMakeApps
SibylSoft
Luminary
CoinMe
Appetize
WonderProxy
Median
TaxiCaller
Yamaha
UniversityOfOxford
BbAmericas
Porsche
ExpediaGroup
WeMakeApps
SibylSoft
Luminary
CoinMe
Appetize
WonderProxy
Median
TaxiCaller
Yamaha
UniversityOfOxford
UniversityOfOxford
Yamaha
TaxiCaller
Median
WonderProxy
Appetize
CoinMe
Luminary
SibylSoft
WeMakeApps
ExpediaGroup
Porsche
BbAmericas
UniversityOfOxford
Yamaha
TaxiCaller
Median
WonderProxy
Appetize
CoinMe
Luminary
SibylSoft
WeMakeApps
ExpediaGroup
Porsche
BbAmericas

Sign up to get started

HostedScan is 100% read-only, and will never make any modifications to your servers.

Or through:

Sign up with Microsoft
Sign up with Google
Sign up with Github
DigitalOcean