Security Control: Penetration Tests and Red Team Exercises
Test the overall strength of an organization's defense (the technology, the processes, and the people) by simulating the objectives and actions of an attacker.
11.1: Conduct regular penetration testing of your Azure resources and ensure remediation of all critical security findings within 60 days
|Azure ID||CIS IDs||Responsibility|
Follow the Microsoft Rules of Engagement to ensure your Penetration Tests are not in violation of Microsoft policies:
You can find more information on Microsoft’s strategy and execution of Red Teaming and live site penetration testing against Microsoft-managed cloud infrastructure, services, and applications, here:
Read more about Azure Security Controls