Navigate

CCI-003275

CCI-003275 Definition

Require the developer of the system, system component, or system services, on an organization-defined frequency, to perform an automated vulnerability analysis using organization-defined tools.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Validation Procedures

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003275.

Control	Description
SA-15(7)	The organization requires the developer of the information system, system component, or information system service to: (a): Perform an automated vulnerability analysis using [one of ]; (b): Determine the exploitation potential for discovered vulnerabilities; (c): Determine potential risk mitigations for delivered vulnerabilities; and (d): Deliver the outputs of the tools and results of the analysis to [one of ].

Control

Description

SA-15(7)

The organization requires the developer of the information system, system component, or information system service to:

(a): Perform an automated vulnerability analysis using [one of ];

(b): Determine the exploitation potential for discovered vulnerabilities;

(c): Determine potential risk mitigations for delivered vulnerabilities; and

(d): Deliver the outputs of the tools and results of the analysis to [one of ].