>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SA-11(2)Developer Security Testing

PBMM (P3)
Secret (P3)
Management

>Control Description

DEVELOPER SECURITY TESTING AND EVALUATION | THREAT AND VULNERABILITY ANALYSES The organization requires the developer of the information system, system component, or information system service to perform threat and vulnerability analyses and subsequent testing/evaluation of the as-built system, component, or service.

>Supplemental Guidance

Applications may deviate significantly from the functional and design specifications created during the requirements and design phases of the system development life cycle. Therefore, threat and vulnerability analyses of information systems, system components, and information system services prior to delivery are critical to the effective operation of those systems, components, and services. Threat and vulnerability analyses at this phase of the life cycle help to ensure that design or implementation changes have been accounted for, and that any new vulnerabilities created as a result of those changes have been reviewed and mitigated.

Related control: RA-5.

Ask AI

Configure your API key to use AI features.