SA-15(7)—Development Process, Standards, And Tool
PBMM (P3)
Secret (P3)
Management
>Control Description
DEVELOPMENT PROCESS, STANDARDS, AND TOOLS | AUTOMATED VULNERABILITY ANALYSIS The organization requires the developer of the information system, system component, or information system service to: (a) Perform an automated vulnerability analysis using ⚙organization-defined tools; (b) Determine the exploitation potential for discovered vulnerabilities; (c) Determine potential risk mitigations for delivered vulnerabilities; and (d) Deliver the outputs of the tools and results of the analysis to ⚙organization-defined personnel or roles.
>Supplemental Guidance
Related control: RA-5.
>Tailoring Guidance
Apply to custom developed systems or components.
Ask AI
Configure your API key to use AI features.