Require the developer of the system, system component, or system service [Assignment: organization-defined frequency] to:
(a) Perform an automated vulnerability analysis using [Assignment: organization-defined tools];
(b) Determine the exploitation potential for discovered vulnerabilities;
(c) Determine potential risk mitigations for delivered vulnerabilities; and
(d) Deliver the outputs of the tools and results of the analysis to [Assignment: organization-defined personnel or roles].
| Control Identifier | SA-15(7) |
| Latest Sync Date | 19/12/24 09:18:14 |
| Discussion | Automated tools can be more effective at analyzing exploitable weaknesses or deficiencies in large and complex systems, prioritizing vulnerabilities by severity, and providing recommendations for risk mitigations. |
| Related Controls | RA-5, SA-11. |