>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

VM-06Application Penetration Testing

>Control Description

Organization conducts penetration tests periodically.

Theme

Process

Type

Detective

Policy/Standard

Vulnerability Management Policy

>Implementation Guidance

1. Ensure that a process has been defined and documented for conducting penetration tests. 2. Ensure the results of the penetration tests are appropriately documented and tracked till remediation.

>Testing Procedure

1. Inspect and validate whether a process has been defined and documented for conducting penetration tests. 2. Validate the results of last penetration test and verify whether the findings were tracked till remediation.

>Audit Artifacts

E-VM-01
E-VM-08

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

CIS Controls
4

16.13
18.1
18.2
18.5

FedRAMP Rev 5
4

CA-02 (01)
CA-07
SI-03
CA-08

PCI DSS
9

11.4.1
11.4.2
11.4.3
11.4.4
11.4.5
11.4.6
+3 more

HIPAA Security Rule
3

164.308(a)(1)(ii)(A)
164.308(a)(1)(ii)(B)
164.308(a)(8)

SOC 2
2

CC4.1
CC7.1

BSI C5
6

COM-03
OPS-18
OPS-19
OPS-20
PSS-02
OIS-05

TX-RAMP
3

CA-7
CA-8
SI-3

Ask AI

Configure your API key to use AI features.