11.4.1—A penetration testing methodology is defined, documented, and implemented by the entity, and includes: Industry-accepted penetration testing approaches.
Requirement Description
A penetration testing methodology is defined, documented, and implemented by the entity, and includes:

- Industry-accepted penetration testing approaches.
- Coverage for the entire CDE perimeter and critical systems.
- Testing from both inside and outside the network.
- Testing to validate any segmentation and scope-reduction controls.
- Application-layer penetration testing to identify, at a minimum, the vulnerabilities listed in Requirement 6.2.4.
- Network-layer penetration tests that encompass all components that support network functions as well as operating systems.
- Review and consideration of threats and vulnerabilities experienced in the last 12 months.
- Documented approach to assessing and addressing the risk posed by exploitable vulnerabilities and security weaknesses found during penetration testing.
- Retention of penetration testing results and remediation activities results for at least 12 months.

Applicability Notes

Testing from inside the network (or “internal penetration testing”) means testing from both inside the CDE and into the CDE from trusted and untrusted internal networks.

Testing from outside the network (or “external penetration testing”) means testing the exposed external perimeter of trusted networks, and critical systems connected to or accessible to public network infrastructures.
Cross-Framework Mappings