CA-8(3): Facility Penetration Testing
Control Family:
Parent Control:
Baselines:
(Not part of any baseline)
Control is new to this version of the control set.
Control Statement
Employ a penetration testing process that includes [Assignment: organization-defined frequency] [Assignment: announced, unannounced] attempts to bypass or circumvent controls associated with physical access points to the facility.
Supplemental Guidance
Penetration testing of physical access points can provide information on critical vulnerabilities in the operating environments of organizational systems. Such information can be used to correct weaknesses or deficiencies in physical controls that are necessary to protect organizational systems.