CCI-003267

CCI-003267 Definition

The organization defines tools and methods to be employed to perform a vulnerability analysis for the information system by the developer.

Status
Type	CheckType.policy

The controls below (if any) were marked by NIST as being related to CCI-003267.

Control	Description
SA-15(4)	The organization requires that developers perform threat modeling and a vulnerability analysis for the information system at [one of ] that: (a): Uses [one of ]; (b): Employs [one of ]; and (c): Produces evidence that meets [one of ].