A. The existing nightly scan can continue with a few changes. The external testing company must be notified of the new IP address of the workload and the security group of the workload must be modified to allow scans from the external company’s IP range.
B. If the external company is a vendor in the AWS Marketplace, notify them of the new IP address of the workload.
C. Submit a penetration testing request every 90 days and have the external company test externally when the request is approved.
D. AWS performs vulnerability testing behind the scenes daily and patches instances as needed. If a vulnerability cannot be automatically addressed, a notification email is distributed.