A CCA who works for a C3PAO doubles as a penetration tester. When conducting a CMMC assessment for an OSC, he realizes their cybersecurity practices are lacking. Recognizing potential vulnerabilities in their systems, the CCA approaches the OSC’s cyber team and offers his penetration testing services. Which CoPC guiding principle or practice has the CCA failed to live up to?
Submit