πΌ CA-8 Penetration Testing
- Contextual name: πΌ CA-8 Penetration Testing
- ID:
/frameworks/nist-sp-800-53-r5/ca/08 - Located in: πΌ CA Assessment, Authorization, And Monitoring
Descriptionβ
Conduct penetration testing [Assignment: organization-defined frequency] on [Assignment: organization-defined systems or system components].
Similarβ
- Internal
- ID:
dec-c-548a7bcb
- ID:
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ FedRAMP High Security Controls β πΌ CA-8 Penetration Testing (L)(M)(H) | 2 | |||
| πΌ FedRAMP Low Security Controls β πΌ CA-8 Penetration Testing (L)(M)(H) | ||||
| πΌ NIST CSF v2.0 β πΌ ID.IM-01: Improvements are identified from evaluations | 10 | |||
| πΌ NIST CSF v2.0 β πΌ ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties | 23 | |||
| πΌ NIST CSF v2.0 β πΌ ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities | 24 | |||
| πΌ NIST CSF v2.0 β πΌ ID.RA-01: Vulnerabilities in assets are identified, validated, and recorded | 22 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ CA-8(1) Penetration Testing _ Independent Penetration Testing Agent or Team | ||||
| πΌ CA-8(2) Penetration Testing _ Red Team Exercises | ||||
| πΌ CA-8(3) Penetration Testing _ Facility Penetration Testing |