20.2: Conduct Regular External and Internal Penetration Tests

CSF v1.1 References:

PF v1.0 References:


Info icon.

The next version of the control set incorporates all or part of this control into: 18.2: Perform Periodic External Penetration Tests, 18.5: Perform Periodic Internal Penetration Tests.

Control Statement

Conduct regular external and internal penetration tests to identify vulnerabilities and attack vectors that can be used to exploit enterprise systems successfully.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]