SA-11 Developer Testing and Evaluation (M)(H)
- Contextual name: SA-11 Developer Testing and Evaluation (M)(H)
- ID: /frameworks/fedramp-high-security-controls/sa/11
- Located in: System and Services Acquisition
Description
Require the developer of the system, system component, or system service, at all post-design stages of the system development life cycle, to:
a. Develop and implement a plan for ongoing security and privacy assessments;
b. Perform [Selection (one-or-more): unit; integration; system; regression] testing/evaluation [Assignment: organization-defined frequency] at [Assignment: organization-defined depth and coverage];
c. Produce evidence of the execution of the assessment plan and the results of the testing and evaluation;
d. Implement a verifiable flaw remediation process; and
e. Correct flaws identified during testing and evaluation.
Similar
- Sections
  - /frameworks/nist-sp-800-53-r5/sa/11
- Internal
  - ID: dec-c-03393ba2
- ID:
Similar Sections (Take Policies From)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
NIST SP 800-53 Revision 5 → SA-11 Developer Testing and Evaluation | 9 |
Similar Sections (Give Policies To)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
FedRAMP Moderate Security Controls → SA-11 Developer Testing and Evaluation (M)(H) | 2 |
Sub Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
SA-11(1) Static Code Analysis (M)(H) | ||||
SA-11(2) Threat Modeling and Vulnerability Analyses (M)(H) |