Citation Matching
Project 1303 – Task 51667
Instructions: Identify the Control, if it exists, to which the Citation should be mapped.
Task Description: Match the "11.3" Citation to a Control
Authority Document URL: Website URI Document URI
Citation Reference: 11.3
Citation Guidance: Implement a methodology for penetration testing that includes the following:
- Is based on industry-accepted penetration testing approaches (for example, NIST SP800-115)
- Includes coverage for the entire CDE perimeter and critical systems
- Includes testing from both inside and outside the network
- Includes testing to validate any segmentation and scope-reduction controls
- Defines application-layer penetration tests to include, at a minimum, the vulnerabilities listed in Requirement 6.5
- Defines network-layer penetration tests to include components that support network functions as well as operating systems
- Includes review and consideration of threats and vulnerabilities experienced in the last 12 months
- Specifies retention of penetration testing results and remediation activities results.