Essential Cybersecurity Controls (ECC – 2 : 2024) - Penetration Testing; Documentation and Requirements - Lake Ridge

Compliance Solutions

NIST SP 800-171 & CMMC Compliance

Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
Learn More

HIPAA Compliance

Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
Learn More

FAR 52.204-21 Compliance

Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
Learn More

ISO 27001 Compliance

Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.
Learn More
About
Contact

Login

Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-11-1

Cybersecurity Requirements For Penetration Testing Exercises Must Be Defined, Documented And Approved.

View Requirement

Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-11-2

The Cybersecurity Requirements For Penetration Testing Processes Must Be Implemented.

View Requirement

Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-11-3

The cybersecurity requirements for penetration testing processes must include at least the following:

Scope of penetration tests which must cover Internet-facing services and its technical components including infrastructure, websites, web applications, mobile apps, email and remote access.
Conducting penetration tests periodically.

View Requirement

Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-11-4

Cybersecurity Requirements For Penetration Testing Processes Must Be Reviewed Periodically.

View Requirement