CISOBot - Your AI CISO Assistant

TDA-09

Cybersecurity & Data Protection Testing Throughout Development

Weight: 9/10
Description

Mechanisms exist to require system developers/integrators to consult with cybersecurity and data protection personnel to: (1) create and implement a Security Testing and Evaluation (ST&E) plan, or similar capability; (2) implement a verifiable flaw remediation process to correct weaknesses and deficiencies identified during the security testing and evaluation process; and (3) document the results of the security testing/evaluation and flaw remediation processes.

Control Question

Does the organization require system developers/integrators to consult with cybersecurity and data protection personnel to: (1) create and implement a Security Testing and Evaluation (ST&E) plan, or similar capability; (2) implement a verifiable flaw remediation process to correct weaknesses and deficiencies identified during the security testing and evaluation process; and (3) document the results of the security testing/evaluation and flaw remediation processes?

Control Metadata
Domain:

Technology Development & Acquisition

Validation Cadence:

Annual

Evidence Request List:

E-TDA-03, E-TDA-05

Framework Mappings

This control maps to the following compliance frameworks:

MAS TRM

5.7.1, 5.7.2, 5.7.3, 5.7.4, 5.7.5, 5.7.6, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.6, 6.1.7

HKIA GL20

4.1, 4.2, 4.3, 6.1, 6.2
