💼 SA-11(1) Static Code Analysis (M)(H)
- ID:
/frameworks/fedramp-moderate-security-controls/sa/11/01
Description
Require the developer of the system, system component, or system service to employ static code analysis tools to identify common flaws and document the results of the analysis.
SA-11(1) Additional FedRAMP Requirements:
Requirement: The service provider must document its methodology for reviewing newly developed code for the Service in its Continuous Monitoring Plan.
If Static code analysis cannot be performed (for example, when the source code is not available), then dynamic code analysis must be performed (see SA-11 (8)).
Similar
- Sections
/frameworks/fedramp-high-security-controls/sa/11/01
- Internal
- ID:
dec-c-8509c279
- ID:
Similar Sections (Take Policies From)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 FedRAMP High Security Controls → 💼 SA-11(1) Static Code Analysis (M)(H) | 1 | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
Policies (1)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ AWS GuardDuty is not enabled in all regions🟢 | 1 | 🟢 x6 | no data |