
18.1 Establish and Maintain a Penetration Testing Program

IG2
IG3
Documentation
Govern

Control Description

Establish and maintain a penetration testing program appropriate to the size, complexity, industry, and maturity of the enterprise. Penetration testing program characteristics include scope, such as network, web application, Application Programming Interface (API), hosted services, and physical premise controls; frequency; limitations, such as acceptable hours, and excluded attack types; point of contact information; remediation, such as how findings will be routed internally; and retrospective requirements.

