18.5: Perform Periodic Internal Penetration Tests

Perform periodic internal penetration tests based on program requirements, no less than annually. The testing may be clear box or opaque box.

Asset Type	Security Function	Implementation Groups
N/A	Identify	3

Dependencies

Safeguard 18.1: Establish and Maintain a Penetration Testing Program

Inputs

GV55: Most Recent Internal Penetration Report

Operations

Check Input 1 GV55 for date of most recent internal penetration test. Compare date to current date and capture timeframe in months (M1)

Measures

M1 = Timeframe since last internal penetration test

Metrics

If M1 is greater than twelve months, then this safeguard is measured at a 0 and receives a failing score. The other metrics don’t apply.

Read the Docs v: stable

Versions: latest; stable

Downloads

On Read the Docs: Project Home; Builds