Copyright 2022 Carnegie Mellon University.

This material is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License and is based upon work funded and supported by the Department of Homeland Security under Contract No. FA8702-15-D-0002 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center sponsored by the United States Department of Defense.

The view, opinions, and/or findings contained in this material are those of the author(s) and should not be construed as an official Government position, policy, or decision, unless designated by other documentation.

The display of the CISA logo or other CISA visual identities shall not be interpreted to provide any person or organization the authorization to use the official logo, insignia or other visual identities of the Cybersecurity and Infrastructure Security Agency.

CISA does not endorse any commercial product or service. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring by CISA.

NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

Penetration Testing Findings Repository v1.0 includes, references, and/or makes use of certain third party software and/or materials ("Third Party Materials"). By using Penetration Testing Findings Repository v1.0, You agree to comply with any and all relevant Third Party Materials terms and conditions contained in any such Third Party Materials or separate license file distributed with such Third Party Materials. The parties who own the Third Party Materials ("Third Party Licensors") are intended third party beneficiaries to this License with respect to the terms applicable to their Third Party Materials. Third Party Materials licenses only apply to the Third Party Materials and not any other portion of Penetration Testing Findings Repository v1.0 as a whole.



The Penetration Testing Findings Repository v1.0 specifically references the following Standards and Frameworks:

NIST SP 800-53 Rev. 5

Developed by National Institute of Standards and Technology (NIST) to further its statutory responsibilities under the Federal Information Security Modernization Act (FISMA), 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. NIST SP 800-53 Rev. 5 is not subject to copyright in the United States. NIST SP 800-53 Rev. 5 is available free of charge from: https://doi.org/10.6028/NIST.SP.800-53r5



NIST CSF 1.1

NIST CSF 1.1 is the result of an ongoing collaborative effort involving industry, academia, and government. NIST launched the project by convening private- and public-sector organizations and individuals in 2013. Published in 2014 and revised during 2017 and 2018, this Framework for Improving Critical Infrastructure Cybersecurity has relied upon eight public workshops, multiple Requests for Comment or Information, and thousands of direct interactions with stakeholders from across all sectors of the United States along with many sectors from around the world. NIST CSF 1.1 is available free of charge from: https://doi.org/10.6028/NIST.CSWP.04162018



CIS CSC v8

CIS Critical Security Controls® Version 8 (CIS CSC v8) is published by the Center for Internet Security® (CIS®). CIS CSC v8 is a prioritized set of actions to protect organizations and data from cyber-attack vectors. Please visit http://www.cisecurity.org/controls/ to ensure access to the most up-to-date guidance. CIS CSC v8 is licensed under a Creative Commons Attribution-NonCommercial-No Derivatives 4.0 International Public License (the link can be found at https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode).



[DISTRIBUTION STATEMENT A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution. DM21-0999







