CMMC Practices
Reference: CMMC 2.11
Family: CA
Level Introduced: 3
Title: Penetration Testing
Practice:
Conduct penetration testing at least annually or when significant security changes are made to the system, leveraging automated scanning tools and ad hoc tests using subject matter experts.
NIST 800-172 Requirements (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
Source: CMMC v2.0