SA-11(1) Static Code Analysis (M)(H)
- Contextual name: SA-11(1) Static Code Analysis (M)(H)
- ID:
/frameworks/fedramp-high-security-controls/sa/11/01
- Located in: SA-11 Developer Testing and Evaluation (M)(H)
Description
Require the developer of the system, system component, or system service to employ static code analysis tools to identify common flaws and document the results of the analysis.
SA-11(1) Additional FedRAMP Requirements:
Requirement: The service provider must document its methodology for reviewing newly developed code for the Service in its Continuous Monitoring Plan.
If static code analysis cannot be performed (for example, when the source code is not available), then dynamic code analysis must be performed (see SA-11 (8)).
Similar
- Sections
/frameworks/nist-sp-800-53-r5/sa/11/01
- Internal
- ID:
dec-c-8509c279
Similar Sections (Take Policies From)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
NIST SP 800-53 Revision 5 → SA-11(1) Developer Testing and Evaluation _ Static Code Analysis |
Similar Sections (Give Policies To)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
FedRAMP Moderate Security Controls → SA-11(1) Static Code Analysis (M)(H) |
Sub Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|