💼 SA-11 DEVELOPER SECURITY TESTING AND EVALUATION

  • Contextual name: 💼 SA-11 DEVELOPER SECURITY TESTING AND EVALUATION
  • ID: /frameworks/nist-sp-800-53-r4/sa/11
  • Located in: 💼 SA SYSTEM AND SERVICES ACQUISITION

Description

The organization requires the developer of the information system, system component, or information system service to:

  • SA-11a. Create and implement a security assessment plan;
  • SA-11b. Perform [Selection (one or more): unit; integration; system; regression] testing/evaluation at [Assignment: organization-defined depth and coverage];
  • SA-11c. Produce evidence of the execution of the security assessment plan and the results of the security testing/evaluation;
  • SA-11d. Implement a verifiable flaw remediation process; and
  • SA-11e. Correct flaws identified during security testing/evaluation.

Similar

  • Internal
    • ID: dec-c-9ddee91f

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v1.1 → 💼 ID.RA-1: Asset vulnerabilities are identified and documented 1315
💼 NIST CSF v1.1 → 💼 ID.SC-3: Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization's cybersecurity program and Cyber Supply Chain Risk Management Plan
💼 NIST CSF v1.1 → 💼 PR.IP-2: A System Development Life Cycle to manage systems is implemented 69

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 SA-11 (1) STATIC CODE ANALYSIS
💼 SA-11 (2) THREAT AND VULNERABILITY ANALYSES
💼 SA-11 (3) INDEPENDENT VERIFICATION OF ASSESSMENT PLANS / EVIDENCE
💼 SA-11 (4) MANUAL CODE REVIEWS
💼 SA-11 (5) PENETRATION TESTING
💼 SA-11 (6) ATTACK SURFACE REVIEWS
💼 SA-11 (7) VERIFY SCOPE OF TESTING / EVALUATION
💼 SA-11 (8) DYNAMIC CODE ANALYSIS