CSPs are required to perform (or acquire 3PAOs to perform) Red Team exercises in accordance with CA-8(2) and must provide evidence in the form of a Red Team test plan that documents the scope, methodology, and approach of the exercise. CSPs must also provide the results of the exercise in the form of a Red Team test report. 3PAOs are required to validate and attest to the Red Team test plan and report during the initial SAR testing and during annual assessment testing.
Comments
0 comments
Please sign in to leave a comment.