AuditRubric
penetration-testing

penetration-testing Controls

3 controls across 3 frameworks.

CISA CPG

vm-5

Penetration testing or red team exercises are conducted at least annually

Vulnerability Management / Vulnerability Management

HIPAA

hipaa-as-8

Perform periodic technical and non-technical evaluations of security controls in response to environmental or operational changes

Administrative Safeguards / Evaluation

NIST CSF

id-im-2

Improvements are identified from security tests and exercises

Identify / Improvement