SA-11(3): Developer Testing and Evaluation | Independent Verification of Assessment Plans and Evidence

SA-11(3): Developer Testing and Evaluation | Independent Verification of Assessment Plans and Evidence ()

(a) Require an independent agent satisfying [Assignment: organization-defined independence criteria] to verify the correct implementation of the developer security and privacy assessment plans and the evidence produced during testing and evaluation; and
(b) Verify that the independent agent is provided with sufficient information to complete the verification process or granted the authority to obtain such information.


Control Identifier	SA-11(3)
Latest Sync Date	19/12/24 09:18:14
Discussion	Independent agents have the qualifications—including the expertise, skills, training, certifications, and experience—to verify the correct implementation of developer security and privacy assessment plans.
Related Controls	AT-3, RA-5.



NIST 800-53 Controls Catalogue