{"id":1113,"date":"2024-07-16T21:33:04","date_gmt":"2024-07-16T21:33:04","guid":{"rendered":"https:\/\/www.tarleton.edu\/security-controls-catalog\/?page_id=1113"},"modified":"2024-09-06T21:26:18","modified_gmt":"2024-09-06T21:26:18","slug":"ca-8-penetration-testing","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/assessment-authorization-and-monitoring-ca\/ca-8-penetration-testing\/","title":{"rendered":"CA-8: Penetration Testing"},"content":{"rendered":"\n<h1 class=\"wp-block-heading has-large-font-size\">CA-8: Penetration Testing<\/h1>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>NIST Baseline: &nbsp;<\/strong>Low&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>DIR Required By: &nbsp;<\/strong>07\/20\/2023&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Review Date: &nbsp;<\/strong>06\/26\/2024<\/h2>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>Information resource owners, in coordination with Tarleton\u2019s Office of Innovative Technology Solutions (OITS) Security Team, are responsible for ensuring that penetration testing is completed, based on risk management decisions.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Penetration testing should be conducted on a reoccurring basis on Internet websites and\/or mobile applications that are exposed to the public internet that process or store sensitive, personally identifiable information (PII), or confidential information as required by Texas Government Code <a href=\"https:\/\/statutes.capitol.texas.gov\/Docs\/GV\/htm\/GV.2054.htm#2054.0591:~:text=Sec.%202054.516.%20%20DATA%20SECURITY%20PLAN%20FOR%20ONLINE%20AND%20MOBILE%20APPLICATIONS.\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a72054.516(a)(2)<\/a>.&nbsp;\n<ul class=\"wp-block-list\">\n<li>The information gathered during penetration testing should be reported to the Tarleton Chief Information Security Officer (CISO) and\/or the Tarleton OITS Security Team for assessing and managing security.&nbsp;&nbsp;<\/li>\n\n\n\n<li>An external network penetration test shall be conducted biennially (every two years) at a minimum in accordance with the Texas Department of Information Resources (DIR) Security Controls Catalog.&nbsp;&nbsp;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\">References\/Additional Resources<\/h3>\n\n\n\n<p><a href=\"https:\/\/statutes.capitol.texas.gov\/Docs\/GV\/htm\/GV.2054.htm#2054.0591:~:text=Sec.%202054.516.%20%20DATA%20SECURITY%20PLAN%20FOR%20ONLINE%20AND%20MOBILE%20APPLICATIONS.\" target=\"_blank\" rel=\"noreferrer noopener\">Tex. Gov\u2019t Code Section 2054.516(a)(2)<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CA-8: Penetration Testing NIST Baseline: &nbsp;Low&nbsp; DIR Required By: &nbsp;07\/20\/2023&nbsp; Review Date: &nbsp;06\/26\/2024 References\/Additional Resources Tex. Gov\u2019t Code Section 2054.516(a)(2)&nbsp;<\/p>\n","protected":false},"author":1,"featured_media":580,"parent":788,"menu_order":9,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-1113","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/author\/brian-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-3\/","display_name":"brian"},"relative_dates":{"created":"Posted 2 years ago","modified":"Updated 2 years ago"},"absolute_dates":{"created":"Posted on July 16, 2024","modified":"Updated on September 6, 2024"},"absolute_dates_time":{"created":"Posted on July 16, 2024 9:33 pm","modified":"Updated on September 6, 2024 9:26 pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1113","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/comments?post=1113"}],"version-history":[{"count":0,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1113\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/788"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/media?parent=1113"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}