TDA-09—Cybersecurity & Data Protection Testing Throughout Development

Weight: 9

>Control Description

Mechanisms exist to require system developers/integrators consult with cybersecurity and data protection personnel to: (1) Create and implement a Security Testing and Evaluation (ST&E) plan, or similar capability; (2) Implement a verifiable flaw remediation process to correct weaknesses and deficiencies identified during the security testing and evaluation process; and (3) Document the results of the security testing/evaluation and flaw remediation processes.

>Control Description

>Cross-Framework Mappings

NIST SP 800-53 r5

NIST CSF 2.0

PCI DSS v4.0.1

CIS Controls v8

SOC 2 TSC

NIST SP 800-171

FedRAMP Rev 5

Canada ITSP 10.171

OSFI B-13

Australia ISM

India SEBI Guidelines

SOC 2 TSC (Detailed)

CIS Controls v8.1 (Detailed)

GovRAMP

ISO 27002:2022

NIST SP 800-161

NIST SP 800-171 Rev 3

NIST SP 800-218 SSDF

Data Privacy Management Principles

CISA SSDAF

DoD Zero Trust Roadmap

Executive Order 14028

NY DFS 23 NYCRR 500

Ask AI