ITP.1.3.050 Security testing
The Tribe shall gain assurance of the adequacy of their risk mitigation strategy and implementation by:
(a) Basing their testing plan, test selection, and test frequency on the risk posed by potentially non-functioning controls;
(b) Establishing controls to mitigate the risks posed to systems from testing; and
(c) Using test results to evaluate whether security objectives are met.