CCI-003256

CCI-003256 Definition

The organization requires that developers perform threat modeling for the information system at an organization-defined breadth/depth.

Status
Type	CheckType.policy

The controls below (if any) were marked by NIST as being related to CCI-003256.

Control	Description
SA-15(4)	The organization requires that developers perform threat modeling and a vulnerability analysis for the information system at [one of ] that: (a): Uses [one of ]; (b): Employs [one of ]; and (c): Produces evidence that meets [one of ].