Navigate

CCI-003278

CCI-003278 Definition

Require the developer of the system, system component, or system services, on an organization-defined frequency, to determine potential risk mitigations for delivered vulnerabilities.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Validation Procedures

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003278.

Control	Description
SA-15(7)	The organization requires the developer of the information system, system component, or information system service to: (a): Perform an automated vulnerability analysis using [one of ]; (b): Determine the exploitation potential for discovered vulnerabilities; (c): Determine potential risk mitigations for delivered vulnerabilities; and (d): Deliver the outputs of the tools and results of the analysis to [one of ].

Control

Description

SA-15(7)

The organization requires the developer of the information system, system component, or information system service to:

(a): Perform an automated vulnerability analysis using [one of ];

(b): Determine the exploitation potential for discovered vulnerabilities;

(c): Determine potential risk mitigations for delivered vulnerabilities; and

(d): Deliver the outputs of the tools and results of the analysis to [one of ].