
SA-11(7) Developer Security Testing

PBMM (P3)
Secret (P3)
Management

>Control Description

DEVELOPER SECURITY TESTING AND EVALUATION | VERIFY SCOPE OF TESTING / EVALUATION The organization requires the developer of the information system, system component, or information system service to verify that the scope of security testing/evaluation provides complete coverage of required security controls at organization-defined depth of testing/evaluation.

>Supplemental Guidance

Verifying that security testing/evaluation provides complete coverage of required security controls can be accomplished by a variety of analytic techniques ranging from informal to formal. Each of these techniques provides an increasing level of assurance corresponding to the degree of formality of the analysis. Rigorously demonstrating security control coverage at the highest levels of assurance can be provided by the use of formal modeling and analysis techniques including correlation between control implementation and corresponding test cases.

>Tailoring Guidance

Apply to boundary and other security-critical components. For COTS products, require third-party evaluation such as Common Criteria.
