Skip to main content

💼 CA-8 Penetration Testing

Description​

Conduct penetration testing [Assignment: organization-defined frequency] on [Assignment: organization-defined systems or system components].

Similar​

  • Internal
    • ID: dec-c-548a7bcb

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
💼 FedRAMP High Security Controls → 💼 CA-8 Penetration Testing (L)(M)(H)2
💼 FedRAMP Low Security Controls → 💼 CA-8 Penetration Testing (L)(M)(H)
💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations20
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties33
💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities34
💼 NIST CSF v2.0 → 💼 ID.RA-01: Vulnerabilities in assets are identified, validated, and recorded26

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags
💼 CA-8(1) Penetration Testing _ Independent Penetration Testing Agent or Team
💼 CA-8(2) Penetration Testing _ Red Team Exercises
💼 CA-8(3) Penetration Testing _ Facility Penetration Testing