VPM-10
Red Team Exercises
Description
Mechanisms exist to utilize "red team" exercises to simulate attempts by adversaries to compromise Technology Assets, Applications and/or Services (TAAS) in accordance with organization-defined rules of engagement.
Control Question
Does the organization utilize "red team" exercises to simulate attempts by adversaries to compromise Technology Assets, Applications and/or Services (TAAS) in accordance with organization-defined rules of engagement?
Control Metadata
Domain:
Vulnerability & Patch Management
Validation Cadence:
Annual
Framework Mappings
This control maps to the following compliance frameworks
MAS TRM
13.3.113.3.213.4.113.4.2