
SA-11(3) Developer Security Testing

Management

Control Description

DEVELOPER SECURITY TESTING AND EVALUATION | INDEPENDENT VERIFICATION OF ASSESSMENT PLANS / EVIDENCE

(a) The organization requires an independent agent satisfying organization-defined independence criteria to verify the correct implementation of the developer security assessment plan and the evidence produced during security testing/evaluation; and

(b) The organization ensures that the independent agent either is provided with sufficient information to complete the verification process or has been granted the authority to obtain such information.

Supplemental Guidance

Independent agents have the necessary qualifications (i.e., expertise, skills, training, and experience) to verify the correct implementation of developer security assessment plans. Related controls: AT-3, CA-7, RA-5, SA-12.
