💼 SA-11 Developer Testing and Evaluation
- ID:
/frameworks/nist-sp-800-53-r5/sa/11
Description​
Require the developer of the system, system component, or system service, at all post-design stages of the system development life cycle, to: a. Develop and implement a plan for ongoing security and privacy control assessments; b. Perform [Selection (one or more): unit; integration; system; regression] testing/evaluation [Assignment: organization-defined frequency] at [Assignment: organization-defined depth and coverage]; c. Produce evidence of the execution of the assessment plan and the results of the testing and evaluation; d. Implement a verifiable flaw remediation process; and e. Correct flaws identified during testing and evaluation.
Similar​
- Internal
- ID:
dec-c-874bb0ca
- ID:
Similar Sections (Give Policies To)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 FedRAMP High Security Controls → 💼 SA-11 Developer Testing and Evaluation (M)(H) | 2 | 1 | no data | ||
| 💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations | 26 | no data | |||
| 💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties | 40 | no data | |||
| 💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities | 41 | no data | |||
| 💼 NIST CSF v2.0 → 💼 ID.RA-09: The authenticity and integrity of hardware and software are assessed prior to acquisition and use | 4 | no data |