penetration-testing

penetration-testing Controls

3 controls across 3 frameworks.

CISA CPG

Penetration testing or red team exercises are conducted at least annually

Vulnerability Management / Vulnerability Management

Perform periodic technical and non-technical evaluations of security controls in response to environmental or operational changes

Administrative Safeguards / Evaluation

Improvements are identified from security tests and exercises

Identify / Improvement