18.3: Remediate Penetration Test Findings


Info icon.

Control is new to this version of the control set and incorporates the following item from the previous version: 3.7: Utilize a Risk-Rating Process.

Control Statement

Remediate penetration test findings based on the enterprise’s policy for remediation scope and prioritization.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]