20.7: Ensure Results from Penetration Test are Documented Using Open, Machine-readable Standards
CSF v1.1 References:
Group:
Control is withdrawn in the next version of this control set.
Control Statement
Wherever possible, ensure that Red Team results are documented using open, machine-readable standards (e.g., SCAP). Devise a scoring method for determining the results of Red Team exercises so that results can be compared over time.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]