ITP.1.3.050 Security testing

The Tribe shall gain assurance of the adequacy of their risk mitigation strategy and implementation by:

(a) Basing their testing plan, test selection, and test frequency on the risk posed by potentially non-functioning controls;

(b) Establishing controls to mitigate the risks posed to systems from testing; and

(c) Using test results to evaluate whether security objectives are met.