PE-3(6): Facility Penetration Testing

Control Family:

Physical And Environmental Protection

Parent Control:

PE-3: Physical Access Control

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

PR.AC-2
DE.CM-2
DE.CM-7
DE.DP-3

Threats Addressed:

Tampering
Information Disclosure

Baselines:

(Not part of any baseline)

Control is withdrawn in the next version of this control set and incorporated into: CA-8: Penetration Testing.

Control Statement

The organization employs a penetration testing process that includes [Assignment: organization-defined frequency], unannounced attempts to bypass or circumvent security controls associated with physical access points to the facility.