Navigate

CCI-003279

CCI-003279 Definition

Require the developer of the system, system component, or system services, on an organization-defined frequency, to deliver the outputs of the tools and results of the vulnerability analysis to organization-defined personnel or roles.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Validation Procedures

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003279.

Control	Description
SA-15(7)	The organization requires the developer of the information system, system component, or information system service to: (a): Perform an automated vulnerability analysis using [one of ]; (b): Determine the exploitation potential for discovered vulnerabilities; (c): Determine potential risk mitigations for delivered vulnerabilities; and (d): Deliver the outputs of the tools and results of the analysis to [one of ].

Control

Description

SA-15(7)

The organization requires the developer of the information system, system component, or information system service to:

(a): Perform an automated vulnerability analysis using [one of ];

(b): Determine the exploitation potential for discovered vulnerabilities;

(c): Determine potential risk mitigations for delivered vulnerabilities; and

(d): Deliver the outputs of the tools and results of the analysis to [one of ].