Statement

West Texas A&M University shall ensure that penetration testing is properly conducted on appropriate systems to identify vulnerabilities. 

Applicability

The intended audience includes information resource owners and custodians. This control applies any internet accessible system hosted by WTAMU.

Implementation

• Appropriate penetration testing shall be conducted on a reocruing bases as outlined in Texas Government Code SS 2054.516(a)(2). 
• Information gathered during penetration testing shall be shared with the CIO, ISO and appropriate IT system administrators for assessing and remediation of found vulnerabilites.
• An external network penetration test shall be conducted  at least biennially (every two years).