Navigate

CCI-002095

CCI-002095 Definition

The organization defines the information systems or system components on which penetration testing will be conducted.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents the information systems or system components on which penetration testing will be conducted. DoD has determined the information systems or system components are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented information systems or system components to ensure the organization being inspected/assessed defines the information systems or system components on which penetration testing will be conducted. DoD has determined the information systems or system components are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) SOP/TTP defining which information systems or system components on which penetration testing will be conducted

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002095.

Control	Description
CA-8	The organization conducts penetration testing [Assignment: organization-defined frequency] on [Assignment: organization-defined information systems or system components].