20.4: Include Tests for Presence of Unprotected System Information and Artifacts
The next version of the control set incorporates all or part of this control into: 18.2: Perform Periodic External Penetration Tests.
Control Statement
Include tests for the presence of unprotected system information and artifacts that would be useful to attackers, including network diagrams, configuration files, older penetration test reports, e-mails or documents containing passwords or other information critical to system operation.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]