Mechanisms exist to conduct penetration testing on Technology Assets, Applications and/or Services (TAAS).
Control Question
Assessment question for control validation
Does the organization conduct penetration testing on Technology Assets, Applications and/or Services (TAAS)?
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Core Control Designations
Special designations and baseline inclusions
MAD: VPM-07
ESP Level 2: VPM-07
ESP Level 3: VPM-07