CA-8(1)

  • Requirement

    Employ an independent penetration testing agent or team to perform penetration testing on the system or system components.

  • Discussion

    Independent penetration testing agents or teams are individuals or groups who conduct impartial penetration testing of organizational systems. Impartiality implies that penetration testing agents or teams are free from perceived or actual conflicts of interest with respect to the development, operation, or management of the systems that are the targets of the penetration testing. CA-2(1) provides additional information on independent assessments that can be applied to penetration testing.

More Info

  • Title

    Penetration Testing | Independent Penetration Testing Agent or Team
  • Family

    Assessment, Authorization, and Monitoring
  • NIST 800-53B Baseline(s)

    • High
  • Related NIST 800-53 ID

    CA-2

NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!