CCI-003181

CCI-003181 Definition

Require the developer of the system, system component, or system service to perform threat modeling and vulnerability analyses during development.

Status
Type	CheckType.policy

The controls below (if any) were marked by NIST as being related to CCI-003181.

Control	Description
SA-11(2)	The organization requires the developer of the information system, system component, or information system service to perform threat and vulnerability analyses and subsequent testing/evaluation of the as-built system, component, or service.