安全控制:渗透测试和红队练习Security Control: Penetration Tests and Red Team Exercises

通过模拟攻击者的目标和操作,测试组织防御的整体实力(技术、流程和人员)。Test the overall strength of an organization's defense (the technology, the processes, and the people) by simulating the objectives and actions of an attacker.

11.1:定期对 Azure 资源执行渗透测试,确保修正所有发现的关键安全问题11.1: Conduct regular penetration testing of your Azure resources and ensure remediation of all critical security findings

Azure IDAzure ID CIS IDCIS IDs 责任方Responsibility
11.111.1 20.1、20.2、20.3、20.4、20.5、20.6、20.7、20.820.1, 20.2, 20.3, 20.4, 20.5, 20.6, 20.7, 20.8 共享Shared

请遵循 Microsoft 互动规则,确保你的渗透测试不违反 Microsoft 政策。Follow the Microsoft Rules of Engagement to ensure your Penetration Tests are not in violation of Microsoft policies. 使用 Microsoft 红队演练策略和执行,以及针对 Microsoft 托管云基础结构、服务和应用程序执行现场渗透测试。Use Microsoft's strategy and execution of Red Teaming and live site penetration testing against Microsoft-managed cloud infrastructure, services, and applications.

后续步骤Next steps