|
gptkbp:instanceOf
|
gptkb:NIST_Special_Publication
|
|
gptkbp:appliesTo
|
Federal information systems
|
|
gptkbp:category
|
Technical control
|
|
gptkbp:family
|
gptkb:Security_Assessment_and_Authorization_(CA)
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
CA-8 Penetration Testing
|
|
gptkbp:improves
|
CA-8(1) Independent Penetration Agent or Team
CA-8(2) Red Team Exercises
|
|
gptkbp:mandate
|
gptkb:Federal_Information_Security_Modernization_Act_(FISMA)
|
|
gptkbp:partOf
|
gptkb:NIST_SP_800-53
|
|
gptkbp:purpose
|
To identify vulnerabilities and weaknesses in information systems
|
|
gptkbp:relatedTo
|
gptkb:CA-2_Security_Assessments
gptkb:CA-7_Continuous_Monitoring
RA-5 Vulnerability Scanning
|
|
gptkbp:requires
|
Remediation of identified vulnerabilities
Reporting of findings to appropriate officials
Penetration testing at organization-defined frequency
|
|
gptkbp:status
|
Baseline control for Moderate and High impact systems
|
|
gptkbp:updated
|
gptkb:NIST_SP_800-53_Revision_5
|
|
gptkbp:bfsParent
|
gptkb:Security_Assessment_and_Authorization_(CA)
|
|
gptkbp:bfsLayer
|
7
|