Penetration Test
Also known as: Pentest
An authorized simulated attack on a system to evaluate its security. Recommended but not strictly mandated at CMMC Level 2.
A penetration test is an authorized, simulated attack on a system, network, or application carried out by a security professional to identify exploitable vulnerabilities. Unlike a vulnerability scan, a pentest involves human expertise and active exploitation.
For CMMC Level 2, penetration testing is not strictly required by any single NIST SP 800-171 requirement, but it is strongly recommended. Many contractors conduct annual third-party pentests to validate that their controls actually work.
A pentest report becomes valuable assessment evidence — particularly under RA.L2-3.11.1 (risk assessment) and CA.L2-3.12.1 (security control assessment).