CA-8(1)—Penetration Testing
Management
Control Description
PENETRATION TESTING | INDEPENDENT PENETRATION AGENT OR TEAM
The organization employs an independent penetration agent or penetration team to perform penetration testing on the information system or system components.
Supplemental Guidance
Independent penetration agents or teams are individuals or groups who conduct impartial penetration testing of organizational information systems. Impartiality implies that penetration agents or teams are free from any perceived or actual conflicts of interest with regard to the development, operation, or management of the information systems that are the targets of the penetration testing. Supplemental guidance for CA-2 (1) provides additional information regarding independent assessments that can be applied to penetration testing.
Related control: CA-2.