💼 SA-15 (4) THREAT MODELING | VULNERABILITY ANALYSIS
- ID:
/frameworks/nist-sp-800-53-r4/sa/15/04
Description​
The organization requires that developers perform threat modeling and a vulnerability analysis for the information system at [Assignment: organization-defined breadth/depth] that: SA-15 (4)(a) Uses [Assignment: organization-defined information concerning impact, environment of operations, known or assumed threats, and acceptable risk levels]; SA-15 (4)(b) Employs [Assignment: organization-defined tools and methods]; and SA-15 (4)(c) Produces evidence that meets [Assignment: organization-defined acceptance criteria].
Similar​
- Internal
- ID:
dec-c-1161ab5d
- ID:
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|