💼 SA-11(2) Developer Testing and Evaluation | Threat Modeling and Vulnerability Analyses

Contextual name: 💼 SA-11(2) Developer Testing and Evaluation | Threat Modeling and Vulnerability Analyses
ID: /frameworks/nist-sp-800-53-r5/sa/11/02
Located in: 💼 SA-11 Developer Testing and Evaluation

Description

Require the developer of the system, system component, or system service to perform threat modeling and vulnerability analyses during development and the subsequent testing and evaluation of the system, component, or service that: (a) Uses the following contextual information: [Assignment: organization-defined information concerning impact, environment of operations, known or assumed threats, and acceptable risk levels]; (b) Employs the following tools and methods: [Assignment: organization-defined tools and methods]; (c) Conducts the modeling and analyses at the following level of rigor: [Assignment: organization-defined breadth and depth of modeling and analyses]; and (d) Produces evidence that meets the following acceptance criteria: [Assignment: organization-defined acceptance criteria].

Similar

Internal
- ID: dec-c-97a79466

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 FedRAMP High Security Controls → 💼 SA-11(2) Threat Modeling and Vulnerability Analyses (M)(H)
💼 NIST CSF v2.0 → 💼 ID.RA-01: Vulnerabilities in assets are identified, validated, and recorded			22

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Description​

Similar​

Similar Sections (Give Policies To)​

Sub Sections​

Description

Similar

Similar Sections (Give Policies To)

Sub Sections