3.3—3.3
>Control Description
DoD organizations establish a software/application risk management program. Foundational controls include Bill of Materials risk management, Supplier Risk Management, approved repositories and update channels, and a vulnerability management program. Additional controls include continual validation within the CI/CD pipelines and vulnerability maturation with external sources.
>Cross-Framework Mappings