Penetration Testing | CA-8

Description

  • Vulnerability tests and penetration tests must be conducted on a recurring basis on Internet websites and mobile applications that are exposed to the public internet that process any sensitive personal information, or confidential information as required by Texas Government Code §2054.516(a)(2).
  • Vulnerability tests should be conducted on High Impact Information Resources on a recurring basis.
  • Any vulnerabilities identified must be addressed in a time period determined by the Cybersecurity Manager in coordination with Information System Owners.
  • Results from vulnerability and penetration tests must be reported to the CITO periodically.

Last updated: 5/12/2026

Contact Hours or Questions?

Information on Tech Support