Navigate

CCI-000934

CCI-000934 Definition

The organization employs a penetration testing process that includes unannounced attempts to bypass or circumvent security controls associated with physical access points to the facility on an organization-defined frequency.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed executes a penetration testing process annually, that includes unannounced attempts, as defined in its physical security assessment plan for testing effectiveness of security controls in place for physical access points to the facility. Results of all penetration testing will be documented as an audit trail. DoD has defined the frequency as annually.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the inspected organization's physical security assessment plan and reviews documented results to ensure annual penetration testing of physical access points occurred. DoD has defined the frequency as annually.

Compelling Evidence

1.) Audit trail of black box, grey box and white box pen testing

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000934.

Control	Description
PE-3(6)	The organization employs a penetration testing process that includes [one of ], unannounced attempts to bypass or circumvent security controls associated with physical access points to the facility.