18.3: Remediate Penetration Test Findings
Control is new to this version of the control set and incorporates the following control from the previous version: 3.7: Utilize a Risk-Rating Process.
Control Statement
Remediate penetration test findings based on the enterprise’s policy for remediation scope and prioritization.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]