💼 SA-11 DEVELOPER SECURITY TESTING AND EVALUATION
- ID:
/frameworks/nist-sp-800-53-r4/sa/11
Description
The organization requires the developer of the information system, system component, or information system service to:
- SA-11a. Create and implement a security assessment plan;
- SA-11b. Perform [Selection (one or more): unit; integration; system; regression] testing/evaluation at [Assignment: organization-defined depth and coverage];
- SA-11c. Produce evidence of the execution of the security assessment plan and the results of the security testing/evaluation;
- SA-11d. Implement a verifiable flaw remediation process; and
- SA-11e. Correct flaws identified during security testing/evaluation.
The bracketed Selection and Assignment items are organization-defined parameters: the organization chooses which test types apply and sets the required depth and coverage when it tailors the control.
Similar
- Internal
  - ID: dec-c-9ddee91f
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST CSF v1.1 → 💼 ID.RA-1: Asset vulnerabilities are identified and documented | 13 | 16 | no data | | |
| 💼 NIST CSF v1.1 → 💼 ID.SC-3: Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization's cybersecurity program and Cyber Supply Chain Risk Management Plan | no data | | | | |
| 💼 NIST CSF v1.1 → 💼 PR.IP-2: A System Development Life Cycle to manage systems is implemented | 6 | 9 | no data | | |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 SA-11 (1) STATIC CODE ANALYSIS | no data | | | | |
| 💼 SA-11 (2) THREAT AND VULNERABILITY ANALYSES | no data | | | | |
| 💼 SA-11 (3) INDEPENDENT VERIFICATION OF ASSESSMENT PLANS / EVIDENCE | no data | | | | |
| 💼 SA-11 (4) MANUAL CODE REVIEWS | no data | | | | |
| 💼 SA-11 (5) PENETRATION TESTING | no data | | | | |
| 💼 SA-11 (6) ATTACK SURFACE REVIEWS | no data | | | | |
| 💼 SA-11 (7) VERIFY SCOPE OF TESTING / EVALUATION | no data | | | | |
| 💼 SA-11 (8) DYNAMIC CODE ANALYSIS | no data | | | | |