Navigate

CCI-002099

CCI-002099 Definition

Employ organization-defined red team exercises to simulate attempts by adversaries to compromise organizational systems in accordance with applicable rules of engagement.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if [CA-08(02)_ODP; red team exercises to simulate attempts by adversaries to compromise Organizational systems are defined] are employed to simulate attempts by adversaries to compromise Organizational systems in accordance with applicable rules of engagement.

Validation Procedures

Examine: [SELECT FROM: Assessment, authorization, and monitoring policy; procedures addressing penetration testing; procedures addressing red team exercises; assessment plan; results of red team exercises; penetration test report; assessment report; rules of engagement; assessment evidence; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with assessment responsibilities; organizational personnel with information security and privacy responsibilities; system/network administrators]. Test: [SELECT FROM: Mechanisms supporting the employment of red team exercises].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002099.

Control	Description
CA-8(2)	Employ the following red-team exercises to simulate attempts by adversaries to compromise organizational systems in accordance with applicable rules of engagement: [red team exercises to simulate attempts by adversaries to compromise organizational systems are defined;].