Attestation request for pending PAM Penetration Testing (Pen Test)

Article ID: 274130

Products

CA Process Automation Base

Issue/Introduction

Our company requires penetration testing of IT PAM to be performed, or alternatively this requirement can be satisfied with the vendor's attestation that penetration testing has been performed (and on what releases).

Environment

Release: 4.3 +

Cause

A penetration test (pen test) is an authorized simulated attack performed on a computer system or application software to evaluate its security.

Resolution

“The CA Process Automation 4.3 along with the service pack 05 (i.e. CA PAM 4.3.05) has been developed using Broadcom's standard secure development strategies and tactics described in the CA Secure Software Development Lifecycle (CA SSDLC). These strategies and tactics include but are not limited to penetration testing (pen test) using tools as well as manual methods. When applicable, our tools and processes use the Common Vulnerability Scoring System (CVSS) that calculates the score of each identified vulnerability based on multiple factors. Each identified vulnerability is classified as High risk if the CVSS score is 7.0 or higher and medium risk if the CVSS score is in the range of 4.0 - 6.9. It is highly recommended that the customers upgrade to the latest patch on 4.3.05, i.e., 4.3.05 CP08, or the latest release of 4.4 CP02.”