
💼 SA-11 DEVELOPER SECURITY TESTING AND EVALUATION

  • Contextual name: 💼 SA-11 DEVELOPER SECURITY TESTING AND EVALUATION
  • ID: /frameworks/nist-sp-800-53-r4/sa/11
  • Located in: 💼 SA SYSTEM AND SERVICES ACQUISITION

Description

The organization requires the developer of the information system, system component, or information system service to:

  • SA-11a. Create and implement a security assessment plan;
  • SA-11b. Perform [Selection (one or more): unit; integration; system; regression] testing/evaluation at [Assignment: organization-defined depth and coverage];
  • SA-11c. Produce evidence of the execution of the security assessment plan and the results of the security testing/evaluation;
  • SA-11d. Implement a verifiable flaw remediation process; and
  • SA-11e. Correct flaws identified during security testing/evaluation.

Similar

  • Internal
    • ID: dec-c-9ddee91f

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v1.1 → 💼 ID.RA-1: Asset vulnerabilities are identified and documented 1415
💼 NIST CSF v1.1 → 💼 ID.SC-3: Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization's cybersecurity program and Cyber Supply Chain Risk Management Plan
💼 NIST CSF v1.1 → 💼 PR.IP-2: A System Development Life Cycle to manage systems is implemented 66

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 SA-11 (1) STATIC CODE ANALYSIS
💼 SA-11 (2) THREAT AND VULNERABILITY ANALYSES
💼 SA-11 (3) INDEPENDENT VERIFICATION OF ASSESSMENT PLANS / EVIDENCE
💼 SA-11 (4) MANUAL CODE REVIEWS
💼 SA-11 (5) PENETRATION TESTING
💼 SA-11 (6) ATTACK SURFACE REVIEWS
💼 SA-11 (7) VERIFY SCOPE OF TESTING / EVALUATION
💼 SA-11 (8) DYNAMIC CODE ANALYSIS