Navigate

CCI-002096

CCI-002096 Definition

Employ an independent penetration agent or penetration team to perform penetration testing on the system or system components.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if an independent penetration testing agent or team is employed to perform penetration testing on the system or system components.

Validation Procedures

Examine: [SELECT FROM: Assessment, authorization, and monitoring policy; procedures addressing penetration testing; assessment plan; penetration test report; assessment report; security assessment evidence; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with assessment responsibilities; organizational personnel with information security and privacy responsibilities].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002096.

Control	Description
CA-8(1)	Employ an independent penetration testing agent or team to perform penetration testing on the system or system components.