An OSCAL Control
Employ an independent penetration testing agent or team to perform penetration testing on the system or system components.
Independent penetration testing agents or teams are individuals or groups who conduct impartial penetration testing of organizational systems. Impartiality implies that penetration testing agents or teams are free from perceived or actual conflicts of interest with respect to the development, operation, or management of the systems that are the targets of the penetration testing. CA-2(1) provides additional information on independent assessments that can be applied to penetration testing.
an independent penetration testing agent or team is employed to perform penetration testing on the system or system components.
Assessment, authorization, and monitoring policy
procedures addressing penetration testing
assessment plan
penetration test report
assessment report
security assessment evidence
system security plan
privacy plan
other relevant documents or records
Organizational personnel with assessment responsibilities
organizational personnel with information security and privacy responsibilities