💼 SA-11(2) Threat Modeling and Vulnerability Analyses (M)(H)
- Contextual name: 💼 SA-11(2) Threat Modeling and Vulnerability Analyses (M)(H)
- ID: /frameworks/fedramp-high-security-controls/sa/11/02
- Located in: 💼 SA-11 Developer Testing and Evaluation (M)(H)
Description
Require the developer of the system, system component, or system service to perform threat modeling and vulnerability analyses during development and the subsequent testing and evaluation of the system, component, or service that:
(a) Uses the following contextual information: [Assignment: organization-defined information concerning impact, environment of operations, known or assumed threats, and acceptable risk levels];
(b) Employs the following tools and methods: [Assignment: organization-defined tools and methods];
(c) Conducts the modeling and analyses at the following level of rigor: [Assignment: organization-defined breadth and depth of modeling and analyses]; and
(d) Produces evidence that meets the following acceptance criteria: [Assignment: organization-defined acceptance criteria].
Similar
- Sections
  - /frameworks/nist-sp-800-53-r5/sa/11/02
- Internal
  - ID: dec-c-9126ae91
- ID:
Similar Sections (Take Policies From)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
💼 NIST SP 800-53 Revision 5 → 💼 SA-11(2) Developer Testing and Evaluation _ Threat Modeling and Vulnerability Analyses | | | | |
Similar Sections (Give Policies To)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
💼 FedRAMP Moderate Security Controls → 💼 SA-11(2) Threat Modeling and Vulnerability Analyses (M)(H) | | | | |
Sub Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|