this should be an easy question, but I cant seem to find a good list. so I figured I would ask my new favorite site!
What industry regulations require Pen Testing? I know the sections in PCI, and I know HIPAA kinda almost suggests it. What other regs state that you must?