IAO-04 ยท Threat Analysis & Flaw Remediation During Development

Control Description

Mechanisms exist to require system developers and integrators to create and execute a Security Testing and Evaluation (ST&E) plan, or similar process, to identify and remediate flaws during development.

Control Question
Assessment question for control validation

Does the organization require system developers and integrators to create and execute a Security Testing and Evaluation (ST&E) plan to identify and remediate flaws during development?

Control Weighting
10
Validation Cadence
Annual
NIST CSF Function
Protect
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 1 - Strategic
Tier 2 - Operational
Tier 3 - Tactical
Core Control Designations
Special designations and baseline inclusions
MAD: IAO-04
Additional Metadata
Applicability (Process):
x