VM-15—Third-Party Library Check
>Control Description
Theme
Type
Policy/Standard: Secure Development Lifecycle Policy
>Implementation Guidance
1. Ensure a process has been defined and documented for checking source code for vulnerabilities.
2. Ensure that third-party libraries are scanned for vulnerabilities at the frequency and depth required by the service's assigned risk rating.
3. Ensure all identified vulnerabilities are tracked and resolved within the organization's SLA.
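As an added illustration of guidance items 2 and 3 (this is not part of the Adobe CCF control text and not Adobe's tooling), the following Python script scans a pinned dependency manifest against an advisory feed, matches installed versions against affected version ranges, and derives a remediation due date from the service's risk rating and the advisory severity so that overdue findings can be reported against the SLA. Every package name, version, advisory identifier and SLA value in it is a constructed assumption chosen for the example; the SLA table in particular must be replaced by the organization's own policy values.

```python
"""Constructed example: scan a pinned dependency list against an advisory
feed and compute remediation due dates from the service's risk rating.
All package names, versions, advisory identifiers and SLA values below are
invented for illustration; they do not refer to real software, real CVEs
or any real organization's policy."""
from dataclasses import dataclass
from datetime import date, timedelta
import operator

# Constructed pip-freeze style manifest (hypothetical packages).
MANIFEST = """\
acme-http==2.1.0
widgetparser==0.9.4
safelib==3.0.0
"""

# Constructed advisory feed; 'affected' uses PEP 440-style comparators.
ADVISORIES = [
    {"id": "ADV-0001", "package": "acme-http", "severity": "critical",
     "affected": ">=2.0.0,<2.1.3"},
    {"id": "ADV-0002", "package": "widgetparser", "severity": "medium",
     "affected": "<1.0.0"},
    {"id": "ADV-0003", "package": "acme-http", "severity": "high",
     "affected": "<1.5.0"},   # old issue, must NOT match 2.1.0
]

# Assumed SLA table: days to remediate, keyed by service risk rating and
# then by advisory severity. Substitute the organization's real values.
SLA_DAYS = {
    "high":   {"critical": 7,  "high": 14, "medium": 30, "low": 90},
    "medium": {"critical": 14, "high": 30, "medium": 60, "low": 120},
    "low":    {"critical": 30, "high": 60, "medium": 90, "low": 180},
}

OPS = {">=": operator.ge, "<=": operator.le, "==": operator.eq,
       ">": operator.gt, "<": operator.lt}


def parse_version(s):
    """'2.1.0' -> (2, 1, 0); numeric dotted versions only in this example."""
    return tuple(int(p) for p in s.strip().split("."))


def parse_manifest(text):
    """Return {package_name: version_tuple} from 'name==version' lines."""
    deps = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, ver = line.split("==")
        deps[name.strip().lower()] = parse_version(ver)
    return deps


def version_affected(version, spec):
    """True if version satisfies every comma-separated comparator in spec."""
    for clause in spec.split(","):
        clause = clause.strip()
        # two-character operators are tried first so '>=' is not read as '>'
        op = next(o for o in (">=", "<=", "==", ">", "<") if clause.startswith(o))
        if not OPS[op](version, parse_version(clause[len(op):])):
            return False
    return True


@dataclass
class Finding:
    advisory: str
    package: str
    version: str
    severity: str
    due: date          # remediation deadline derived from the SLA table


def scan(manifest_text, advisories, service_risk, discovered_iso):
    """Match manifest versions against advisories; attach SLA due dates."""
    deps = parse_manifest(manifest_text)
    discovered = date.fromisoformat(discovered_iso)
    findings = []
    for adv in advisories:
        ver = deps.get(adv["package"].lower())
        if ver is None or not version_affected(ver, adv["affected"]):
            continue
        days = SLA_DAYS[service_risk][adv["severity"]]
        findings.append(Finding(adv["id"], adv["package"],
                                ".".join(map(str, ver)), adv["severity"],
                                discovered + timedelta(days=days)))
    return findings


def overdue(findings, today_iso):
    """Advisory IDs whose SLA deadline has passed as of today_iso."""
    today = date.fromisoformat(today_iso)
    return [f.advisory for f in findings if today > f.due]


if __name__ == "__main__":
    found = scan(MANIFEST, ADVISORIES, "high", "2024-01-01")
    for f in found:
        print(f)
    print("overdue:", overdue(found, "2024-01-20"))
```

Run against the constructed manifest with a "high" service risk rating discovered on 2024-01-01, the scan reports ADV-0001 (due 2024-01-08) and ADV-0002 (due 2024-01-31) and ignores ADV-0003, whose affected range ends before the installed version; checking on 2024-01-20 lists only ADV-0001 as overdue. In an audit the equivalent evidence is the scan report and the ticket showing the finding closed on or before its due date.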
>Testing Procedure
1. Inspect and validate that a process has been defined and documented for checking source code for vulnerabilities.
2. For a sample scan, validate that third-party libraries were scanned for vulnerabilities according to the service's assigned risk rating.
3. For a sample source code vulnerability, validate that it was tracked and resolved within the SLA.
>Audit Artifacts
>Framework Mappings
Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.