CA-08-727 Penetration Testing

Penetration Testing

Penetration Testing
Security Assessment and Authorization
January 20, 2018

The chief information security officer shall ensure penetration testing of mission-critical, sensitive, and public-facing Agency information resources are performed on a recurring basis.

Vulnerabilities will not be validated or confirmed. The organization will be unable to assess their ability to withstand an attack directed at their information resources.
The organization conducts penetration testing [Assignment: organization-defined frequency] on [Assignment: organization-defined information systems or system components].
Penetration tests are performed on a recurring basis.
No statewide control