ANNEX VI
Content of the blue team test report (Article 12(4))
The blue team test report shall contain information on at least all of the following:
|
1. |
for each attack step described by the testers in the red team test report:
|
|
2. |
assessment of the findings and recommendations of the testers; |
|
3. |
evidence of the attack by the testers collected by the blue team; |
|
4. |
blue team root cause analysis of successful attacks by the testers; |
|
5. |
list of lessons learned and identified potential for improvement; |
|
6. |
list of topics to be addressed in purple teaming. |