| 💼 11.4.1 A penetration testing methodology is defined, documented, and implemented by the entity. | | | | | no data |
| 💼 11.4.2 Internal penetration testing is performed. | | | | | no data |
| 💼 11.4.3 External penetration testing is performed. | | | | | no data |
| 💼 11.4.4 Exploitable vulnerabilities and security weaknesses found during penetration testing are corrected. | | | | | no data |
| 💼 11.4.5 If segmentation is used to isolate the CDE from other networks, penetration tests are performed on segmentation controls. | | | | | no data |
| 💼 11.4.6 If segmentation is used to isolate the CDE from other networks, penetration tests are performed on segmentation controls. | | | | | no data |
| 💼 11.4.7 Multi-tenant service providers support their customers for external penetration testing per Requirement 11.4.3 and 11.4.4. | | | | | no data |