PE-3(6): Facility Penetration Testing

CSF v1.1 References:


(Not part of any baseline)

Warning icon.

Control is withdrawn in the next version of this control set and incorporated into: CA-8: Penetration Testing.

Control Statement

The organization employs a penetration testing process that includes [Assignment: organization-defined frequency], unannounced attempts to bypass or circumvent security controls associated with physical access points to the facility.