CCI-003265

CCI-003265 Definition

The organization requires the vulnerability analysis performed by the developers employ organization-defined tools and methods.

Status
Type	CheckType.policy

The controls below (if any) were marked by NIST as being related to CCI-003265.

Control	Description
SA-15(4)	The organization requires that developers perform threat modeling and a vulnerability analysis for the information system at [one of ] that: (a): Uses [one of ]; (b): Employs [one of ]; and (c): Produces evidence that meets [one of ].