Navigate

CCI-003178

CCI-003178 Definition

Requires the developer of the system, system component, or system service, at all post-design phases of the system development life cycle, to correct flaws identified during testing/evaluation.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Validation Procedures

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003178.

Control	Description
SA-11	The organization requires the developer of the information system, system component, or information system service to: a: Create and implement a security assessment plan; b: Perform [one or more of "unit"/"integration"/"system"/"regression"] testing/evaluation at [one of ]; c: Produce evidence of the execution of the security assessment plan and the results of the security testing/evaluation; d: Implement a verifiable flaw remediation process; and e: Correct flaws identified during security testing/evaluation.

Control

Description

SA-11

The organization requires the developer of the information system, system component, or information system service to:

a: Create and implement a security assessment plan;

b: Perform [one or more of "unit"/"integration"/"system"/"regression"] testing/evaluation at [one of ];

c: Produce evidence of the execution of the security assessment plan and the results of the security testing/evaluation;

d: Implement a verifiable flaw remediation process; and

e: Correct flaws identified during security testing/evaluation.