20.7: Ensure Results from Penetration Test are Documented Using Open, Machine-readable Standards

CSF v1.1 References:

ID.RA-1

Group:

Control is withdrawn in the next version of this control set.

Control Statement

Wherever possible, ensure that Red Team results are documented using open, machine-readable standards (e.g., SCAP). Devise a scoring method for determining the results of Red Team exercises so that results can be compared over time.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]