AuditRubric
red-team

red-team Controls

2 controls across 2 frameworks.

CISA CPG

vm-5

Penetration testing or red team exercises are conducted at least annually

Vulnerability Management / Vulnerability Management

NIST CSF

id-im-2

Improvements are identified from security tests and exercises

Identify / Improvement