SA-15.7 · Automated Vulnerability Analysis

Control Description

Require the developer of the system, system component, or system service {{ insert: param, sa-15.07_odp.01 }} to:

Impact Baselines
Security baselines where this control applies
Not in any baseline
Control Properties
SP800-53-enhancement
organization
Assurance
Enhancement
Control Statement
The control requirements

Require the developer of the system, system component, or system service {{ insert: param, sa-15.07_odp.01 }} to:

(a) Perform an automated vulnerability analysis using {{ insert: param, sa-15.07_odp.02 }};

(b) Determine the exploitation potential for discovered vulnerabilities;

(c) Determine potential risk mitigations for delivered vulnerabilities; and

(d) Deliver the outputs of the tools and results of the analysis to {{ insert: param, sa-15.07_odp.03 }}.

Supplemental Guidance

Automated tools can be more effective at analyzing exploitable weaknesses or deficiencies in large and complex systems, prioritizing vulnerabilities by severity, and providing recommendations for risk mitigations.

Related NIST Controls
Other NIST 800-53 controls related to this one