SA-15(7)

  • Requirement

    Require the developer of the system, system component, or system service [Assignment: organization-defined frequency] to:
    (a) Perform an automated vulnerability analysis using [Assignment: organization-defined tools];
    (b) Determine the exploitation potential for discovered vulnerabilities;
    (c) Determine potential risk mitigations for delivered vulnerabilities; and
    (d) Deliver the outputs of the tools and results of the analysis to [Assignment: organization-defined personnel or roles].

  • Discussion

    Automated tools can be more effective at analyzing exploitable weaknesses or deficiencies in large and complex systems, prioritizing vulnerabilities by severity, and providing recommendations for risk mitigations.

More Info

  • Title

    Development Process, Standards, and Tools | Automated Vulnerability Analysis

  • Family

    System and Services Acquisition

  • Related NIST 800-53 ID

    RA-5; SA-11
