CCI-003179
CCI-003179 Definition
Require the developer of the system, system component, or system service to employ static code analysis tools to identify common flaws.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed includes the requirement within contracts/agreements that the developer of the information system, system component, or information system service employ static code analysis tools to identify common flaws.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the contracts/agreements to ensure the organization being inspected/assessed requires that the developer of the information system, system component, or information system service employ static code analysis tools to identify common flaws.
Compelling Evidence
1.) System security plan (SSP). 2.) System development life cycle (SDLC) documentation must require the developer to employ static code analysis tools to identify common flaws.