CCI-000284

The organization schedules announced or unannounced assessments (in-depth monitoring, malicious user testing, penetration testing, red team exercises, or other organization-defined forms of security assessment), on an organization-defined frequency, to ensure compliance with all vulnerability mitigation procedures.

Implementation Guidance

Validation Procedures

The controls below (if any) were marked by NIST as being related to CCI-000284.