💼 CA-8 Penetration Testing
- ID:
/frameworks/nist-sp-800-53-r5/ca/08
Description​
Conduct penetration testing [Assignment: organization-defined frequency] on [Assignment: organization-defined systems or system components].
Similar​
- Internal
- ID:
dec-c-548a7bcb
- ID:
Similar Sections (Give Policies To)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 FedRAMP High Security Controls → 💼 CA-8 Penetration Testing (L)(M)(H) | 2 | no data | |||
| 💼 FedRAMP Low Security Controls → 💼 CA-8 Penetration Testing (L)(M)(H) | no data | ||||
| 💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations | 26 | no data | |||
| 💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties | 40 | no data | |||
| 💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities | 41 | no data | |||
| 💼 NIST CSF v2.0 → 💼 ID.RA-01: Vulnerabilities in assets are identified, validated, and recorded | 31 | no data |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 CA-8(1) Penetration Testing _ Independent Penetration Testing Agent or Team | no data | ||||
| 💼 CA-8(2) Penetration Testing _ Red Team Exercises | no data | ||||
| 💼 CA-8(3) Penetration Testing _ Facility Penetration Testing | no data |