CA-8 Penetration Testing

GPTKB entity

Statements (20)
Predicate Object
gptkbp:instanceOf gptkb:NIST_Special_Publication
gptkbp:appliesTo Federal information systems
gptkbp:category Technical control
gptkbp:family gptkb:Security_Assessment_and_Authorization_(CA)
https://www.w3.org/2000/01/rdf-schema#label CA-8 Penetration Testing
gptkbp:improves CA-8(1) Independent Penetration Agent or Team
CA-8(2) Red Team Exercises
gptkbp:mandate gptkb:Federal_Information_Security_Modernization_Act_(FISMA)
gptkbp:partOf gptkb:NIST_SP_800-53
gptkbp:purpose To identify vulnerabilities and weaknesses in information systems
gptkbp:relatedTo gptkb:CA-2_Security_Assessments
gptkb:CA-7_Continuous_Monitoring
RA-5 Vulnerability Scanning
gptkbp:requires Remediation of identified vulnerabilities
Reporting of findings to appropriate officials
Penetration testing at organization-defined frequency
gptkbp:status Baseline control for Moderate and High impact systems
gptkbp:updated gptkb:NIST_SP_800-53_Revision_5
gptkbp:bfsParent gptkb:Security_Assessment_and_Authorization_(CA)
gptkbp:bfsLayer 7