{"component": "definition", "props": {"groups": [{"samples": [{"hash": "gM6vAxZ0Ve8", "uri": "/contracts/gM6vAxZ0Ve8#penetration-testing", "label": "Contract", "score": 31.2487049103, "published": true}, {"hash": "7FpcSAICVYQ", "uri": "https://solicitations.jsi.com/JSIInternet/Documents/_download_sol.cfm?docid=665", "label": "solicitations.jsi.com", "score": 18.2598152161, "published": false}, {"hash": "e1spZQZfIaY", "uri": "https://encompassworld.com/wp-content/uploads/2024/08/RFP-24-10020-03.pdf", "label": "encompassworld.com", "score": 18.2244472504, "published": false}], "size": 107, "snippet_links": [{"key": "security-testing", "type": "definition", "offset": [6, 22]}, {"key": "security-features", "type": "definition", "offset": [109, 126]}], "snippet": "means security testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application, system, or network. (NIST SP 800-115)", "hash": "55ed0b7572b01e904d78128fd9c7be65", "id": 1}, {"samples": [{"hash": "j1PcjLcEZQz", "uri": "/contracts/j1PcjLcEZQz#penetration-testing", "label": "Contract for Report on School Admissions", "score": 36.527721405, "published": true}, {"hash": "ktFUV8zsolI", "uri": "/contracts/ktFUV8zsolI#penetration-testing", "label": "Contract", "score": 34.527721405, "published": true}, {"hash": "keyv0Y6kz5N", "uri": "/contracts/keyv0Y6kz5N#penetration-testing", "label": "Conditions of Funding (Grant)", "score": 34.4009132385, "published": true}], "size": 87, "snippet_links": [{"key": "availability-of-information", "type": "clause", "offset": [151, 178]}, {"key": "it-system", "type": "definition", "offset": [192, 201]}, {"key": "distribution-of", "type": "clause", "offset": [281, 296]}, {"key": "classified-information", "type": "definition", "offset": [297, 319]}, {"key": "need-to-know", "type": "clause", "offset": [350, 362]}, {"key": "in-order-to", "type": "clause", "offset": [364, 375]}], "snippet": "means an assessment to identify risks and vulnerabilities in systems, applications and networks which may compromise the confidentiality, integrity or availability of information held on that IT system. \u201cNeed-to-Know\u201d the Need-to-Know principle is employed within HMG to limit the distribution of classified information to those people with a clear \u2018need to know\u2019 in order to carry out their duties.", "hash": "65a8c3945541a1a34025c8f81c0930ad", "id": 2}, {"samples": [{"hash": "gQjY0bEEa1t", "uri": "/contracts/gQjY0bEEa1t#penetration-testing", "label": "Contract", "score": 29.9648780823, "published": true}, {"hash": "lBS0lyXzlJ5", "uri": "/contracts/lBS0lyXzlJ5#penetration-testing", "label": "Contract", "score": 29.0935344696, "published": true}, {"hash": "fcwtjkeZYDU", "uri": "/contracts/fcwtjkeZYDU#penetration-testing", "label": "Contract", "score": 26.605638504, "published": true}], "size": 32, "snippet_links": [{"key": "security-testing", "type": "definition", "offset": [6, 22]}, {"key": "security-features", "type": "definition", "offset": [109, 126]}], "snippet": "means security testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application, system, or network.", "hash": "d4a10a8c9fe2dba49aece679cbbcc083", "id": 3}, {"samples": [{"hash": "j0XJ8uIc9jF", "uri": "/contracts/j0XJ8uIc9jF#penetration-testing", "label": "Broker Dealer Selling Agreement (Pruco Life Variable Universal Account)", "score": 36.8028755188, "published": true}, {"hash": "h83ffE2AHZa", "uri": "/contracts/h83ffE2AHZa#penetration-testing", "label": "Broker Dealer Selling Agreement (Pruco Life Variable Universal Account)", "score": 36.2854194641, "published": true}, {"hash": "9lHveP0Be3U", "uri": "/contracts/9lHveP0Be3U#penetration-testing", "label": "Broker Dealer Selling Agreement (Pruco Life Variable Universal Account)", "score": 36.2854194641, "published": true}], "size": 17, "snippet_links": [{"key": "test-methodology", "type": "clause", "offset": [8, 24]}, {"key": "security-features", "type": "definition", "offset": [80, 97]}, {"key": "information-system", "type": "definition", "offset": [104, 122]}], "snippet": "means a test methodology in which assessors attempt to circumvent or defeat the security features of an Information System by attempting penetration of databases or controls from outside or inside an Information System.", "hash": "e946ac87d8a70df93e72fbb45bba6630", "id": 4}, {"samples": [{"hash": "3QX6YwaGI7w", "uri": "/contracts/3QX6YwaGI7w#penetration-testing", "label": "Contract for Skills Bootcamps", "score": 36.550994873, "published": true}, {"hash": "eEotJtZGVnb", "uri": "/contracts/eEotJtZGVnb#penetration-testing", "label": "Conditions of Funding (Grant)", "score": 35.3661994934, "published": true}, {"hash": "gifSaFXrtcf", "uri": "/contracts/gifSaFXrtcf#penetration-testing", "label": "Conditions of Funding (Grant)", "score": 35.3566894531, "published": true}], "size": 13, "snippet_links": [{"key": "availability-of-information", "type": "clause", "offset": [151, 178]}, {"key": "it-system", "type": "definition", "offset": [192, 201]}], "snippet": "means an assessment to identify risks and vulnerabilities in systems, applications and networks which may compromise the confidentiality, integrity or availability of information held on that IT system.", "hash": "442443e821c017cfb5e02870ec0d89d5", "id": 5}, {"samples": [{"hash": "6pIIQWzpDcM", "uri": "https://advocacy.calchamber.com/wp-content/uploads/2025/02/CalChamber-Comment-CCPA-Draft-Regulations-Cyber-Audits-Risk-Assessments-ADMT-Feb-18-2025.pdf", "label": "advocacy.calchamber.com", "score": 19.9852142334, "published": false}, {"hash": "yEqnLhfSMO", "uri": "https://dpo-india.com/Resources/privacy_laws_in_USA/California-Privacy-Regulations-Unofficial-IAPP-redline-comparison-draft-regulations.pdf", "label": "dpo-india.com", "score": 19.2418651581, "published": false}, {"hash": "6vkY0e1YgNZ", "uri": "https://cppa.ca.gov/meetings/materials/20241004_item3_draft_text.pdf", "label": "cppa.ca.gov", "score": 18.4825782776, "published": false}], "size": 7, "snippet_links": [{"key": "means-testing", "type": "definition", "offset": [0, 13]}, {"key": "security-of", "type": "clause", "offset": [18, 29]}, {"key": "security-features", "type": "definition", "offset": [94, 111]}, {"key": "the-information-system", "type": "clause", "offset": [152, 174]}], "snippet": "means testing the security of an information system by attempting to circumvent or defeat its security features by authorizing attempted penetration of the information system.", "hash": "e9f3b0cfeb6f0c9872268167643fa98e", "id": 6}, {"samples": [{"hash": "2L0OFVrmCyd", "uri": "https://arkleg.state.ar.us/Home/FTPDocument?path=/ACTS/2025R/Public/ACT557.pdf", "label": "arkleg.state.ar.us", "score": 18.2840747833, "published": false}, {"hash": "hCsYY9Ngqjk", "uri": "https://arkleg.state.ar.us/Home/FTPDocument?path=/Bills/2025R/Public/HB1466.pdf", "label": "arkleg.state.ar.us", "score": 18.1090087891, "published": false}, {"hash": "6h9WJ3GyMKH", "uri": "https://arkleg.state.ar.us/Home/FTPDocument?path=/Bills/2025R/Public/HB1467.pdf", "label": "arkleg.state.ar.us", "score": 18.0825710297, "published": false}], "size": 6, "snippet_links": [{"key": "test-methodology", "type": "clause", "offset": [8, 24]}], "snippet": "means a test methodology in which", "hash": "0ebc7f761058542aa89f6fa5b127dfd5", "id": 7}, {"samples": [{"hash": "a6S8PePSmoT", "uri": "/contracts/a6S8PePSmoT#penetration-testing", "label": "Framework Agreement", "score": 30.3053283691, "published": true}, {"hash": "bKV7wi2GcsA", "uri": "/contracts/bKV7wi2GcsA#penetration-testing", "label": "Framework Agreement", "score": 29.782491684, "published": true}, {"hash": "7zsul92pR95", "uri": "/contracts/7zsul92pR95#penetration-testing", "label": "Framework Agreement", "score": 29.2596530914, "published": true}], "size": 6, "snippet_links": [{"key": "the-testing", "type": "definition", "offset": [6, 17]}, {"key": "it-systems", "type": "clause", "offset": [21, 31]}, {"key": "it-services", "type": "clause", "offset": [36, 47]}, {"key": "security-vulnerabilities", "type": "definition", "offset": [70, 94]}], "snippet": "means the testing of IT systems and IT services to identify potential security vulnerabilities, and subsequently recommending effective security countermeasures;", "hash": "ea402bc537bdff5e055800d948f856de", "id": 8}, {"samples": [{"hash": "bzxqUlmSJ2r", "uri": "https://ndlegis.gov/assembly/69-2025/regular/documents/25-8110-03000.pdf", "label": "ndlegis.gov", "score": 17.183921814, "published": false}, {"hash": "b3168mTTpBm", "uri": "https://ndlegis.gov/assembly/69-2025/regular/documents/25-8110-02001m.pdf", "label": "ndlegis.gov", "score": 17.0515651703, "published": false}, {"hash": "eBlD711jepA", "uri": "https://ndlegis.gov/assembly/69-2025/regular/documents/25-8110-02000.pdf", "label": "ndlegis.gov", "score": 16.9545001984, "published": false}], "size": 5, "snippet_links": [{"key": "test-methodology", "type": "clause", "offset": [8, 24]}], "snippet": "means a test methodology in which assessors attempt to", "hash": "bd36ca64158d29047c4af339477b564e", "id": 9}, {"samples": [{"hash": "d3Kf7PC4hg9", "uri": "https://jutacomplinews.co.za/media/filestore/2024/07/Joint_Standard_2_of_2024__Cybersecurity__Cyber_resilience_Requirements_1.pdf", "label": "jutacomplinews.co.za", "score": 19.2509117126, "published": false}, {"hash": "6Oe4YRQWqts", "uri": "https://www.masthead.co.za/wp-content/uploads/2024/01/FSCA-PA_Draft_Joint_Standard_Cybersecurity_and_Cyber_Resilience_2023-1.pdf", "label": "www.masthead.co.za", "score": 19.0694675446, "published": false}, {"hash": "24zqFxpRvKJ", "uri": "https://moonstonedesk.co.za/plist/nuusbrief/MS%20Library/Annexure-A-Joint-Standard-Cybersecurity-and-cyber-resilience.pdf", "label": "moonstonedesk.co.za", "score": 17.7469406128, "published": false}], "size": 5, "snippet_links": [{"key": "test-methodology", "type": "clause", "offset": [10, 26]}, {"key": "system-design", "type": "definition", "offset": [89, 102]}, {"key": "source-code", "type": "definition", "offset": [104, 115]}, {"key": "security-features", "type": "definition", "offset": [191, 208]}, {"key": "it-system", "type": "definition", "offset": [215, 224]}], "snippet": "1 means a test methodology in which assessors, using all available documentation such as system design, source code, manuals and working under specific constraints, attempt to circumvent the security features of an IT system;", "hash": "cbbf4dcadd3af5edd911fa0082f2e4e1", "id": 10}], "next_curs": "CmASWmoVc35sYXdpbnNpZGVyY29udHJhY3RzcjwLEhpEZWZpbml0aW9uU25pcHBldEdyb3VwX3Y1NiIccGVuZXRyYXRpb24tdGVzdGluZyMwMDAwMDAwYQyiAQJlbhgAIAA=", "definition": {"size": 325, "title": "Penetration Testing", "snippet": "means security testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application, system, or network. (NIST SP 800-115)", "id": "penetration-testing", "examples": ["Unless Broker-Dealer conducts continuous monitoring of its Information Systems to detect, on an ongoing basis, changes in such Information Systems that may create or indicate vulnerabilities, Broker- Dealer shall conduct: (a) <strong>Penetration Testing</strong> of its Information Systems at least annually; and (b) vulnerability assessments at least bi-annually, including any systematic scans or reviews of its Information Systems reasonably designed to identify publicly known cybersecurity vulnerabilities 6."], "related": [["percolation-test", "Percolation test", "Percolation test"], ["genetic-testing", "Genetic testing", "Genetic testing"], ["cannabis-testing-facility", "Cannabis testing facility", "Cannabis testing facility"], ["sexual-penetration", "Sexual penetration", "Sexual penetration"], ["penetrant", "Penetrant", "Penetrant"]], "related_snippets": [], "updated": "2026-05-15T04:24:17+00:00"}, "json": true, "cursor": ""}}