
SA-11(4)Developer Security Testing

PBMM (P3)
Secret (P3)
Management

>Control Description

DEVELOPER SECURITY TESTING AND EVALUATION | MANUAL CODE REVIEWS The organization requires the developer of the information system, system component, or information system service to perform a manual code review of organization-defined specific code using organization-defined processes, procedures, and/or techniques.

>Supplemental Guidance

Manual code reviews are usually reserved for the critical software and firmware components of information systems. Such reviews are uniquely effective at identifying weaknesses whose detection requires knowledge of the application's requirements or context, knowledge that is generally unavailable to more automated analytic tools and techniques such as static or dynamic analysis. Examples of where manual review pays off include verifying access control matrices against the application's actual authorization checks and reviewing the finer details of cryptographic implementations and controls (algorithm and mode selection, key handling, and the use of cryptographic APIs), which automated scanners typically cannot judge.

>Tailoring Guidance

Apply to boundary components and other security-critical components. For COTS products, where source code is not available for review, require third-party evaluation such as Common Criteria.
