SA-15(4)—Development Process, Standards, And Tools
PBMM (P3)
Secret (P3)
Management
>Control Description
DEVELOPMENT PROCESS, STANDARDS, AND TOOLS | THREAT MODELING / VULNERABILITY ANALYSIS
The organization requires that developers perform threat modeling and a vulnerability analysis for the information system at ⚙organization-defined breadth/depth that:
(a) Uses ⚙organization-defined information concerning impact, environment of operations, known or assumed threats, and acceptable risk levels;
(b) Employs ⚙organization-defined tools and methods; and
(c) Produces evidence that meets ⚙organization-defined acceptance criteria.
>Supplemental Guidance
Related control: SA-4.
>Tailoring Guidance
Apply to custom developed systems or components.