18.5: Perform Periodic Internal Penetration Tests


Info icon.

Incorporates the following controls from the previous version of the control set: 20.2: Conduct Regular External and Internal Penetration Tests, 20.3: Perform Periodic Red Team Exercises.

Control Statement

Perform periodic internal penetration tests based on program requirements, no less than annually. The testing may be clear box or opaque box.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]