
RV.3.4 Review the SDLC process, and update it if appropriate to prevent (or reduce the likelihood of) the root cause recurring in updates to the software or in new software that is created.

RV.3

>Control Description

Review the SDLC process, and update it if appropriate to prevent (or reduce the likelihood of) the root cause recurring in updates to the software or in new software that is created.

>Practice: RV.3

Analyze Vulnerabilities to Identify Their Root Causes

Help reduce the frequency of vulnerabilities in the future.

>Notional Implementation Examples

  1. Record lessons learned through root cause analysis in a wiki that developers can access and search.
  2. Plan and implement changes to the appropriate SDLC practices.

>Cross-Framework References

Mappings to related frameworks and standards from NIST SP 800-218

BSA FSS

PD.1-3

BSIMM

CP3.3
CMVM3.2

EO 14028

4e(ix)

IEC 62443

DM-6

ISO 30111

7.1.7

Microsoft SDL

2

PCI SSLC

2.6
4.2

SAFECode FPSSD

Secure Development Lifecycle Feedback

SP 800-53

SP 800-161

SA-15

SP 800-181 (NICE)

K0009
K0039
K0070
