CA-8(3): Facility Penetration Testing

CSF v1.1 References:

Baselines:

(Not part of any baseline)

Info icon.

Control is new to this version of the control set.

Control Statement

Employ a penetration testing process that includes [Assignment: organization-defined frequency] [Assignment: announced, unannounced] attempts to bypass or circumvent controls associated with physical access points to the facility.

Supplemental Guidance

Penetration testing of physical access points can provide information on critical vulnerabilities in the operating environments of organizational systems. Such information can be used to correct weaknesses or deficiencies in physical controls that are necessary to protect organizational systems.