Penetration test authorization
If you plan to perform a penetration test on your customer applications, please send the following information to cloud.gov support ahead of your planned test:
* Source IPs (for testers and their tools): * Start date: * End date:
This request is only necessary for in-depth security testing, which is a common step in agency ATO processes for customer systems. You don’t need to wait for an approval; simply sending the notification is sufficient. You can always run routine vulnerability scans on your own applications without special authorization.