Navigate

CCI-002094

CCI-002094 Definition

Defines the frequency for conducting penetration testing on organization-defined systems or system components.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if penetration testing is conducted [CA-08_ODP[01]; frequency at which to conduct penetration testing on systems or system components is defined] on [CA-08_ODP[02]; systems or system components on which penetration testing is to be conducted are defined].

Validation Procedures

Examine: [SELECT FROM: Assessment, authorization, and monitoring policy; procedures addressing penetration testing; assessment plan; penetration test report; assessment report; assessment evidence; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with control assessment responsibilities; organizational personnel with information security and privacy responsibilities; system/network administrators]. Test: [SELECT FROM: Mechanisms supporting penetration testing].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002094.

Control	Description
CA-8	Conduct penetration testing [frequency at which to conduct penetration testing on systems or system components is defined;] on [systems or system components on which penetration testing is to be conducted are defined;].