
CISOBot - Your AI CISO Assistant

TDA-15

Developer Threat Analysis & Flaw Remediation

Weight: 9/10
Description

Mechanisms exist to require system developers and integrators to develop and implement an ongoing Security Testing and Evaluation (ST&E) plan, or similar process, to objectively identify and remediate vulnerabilities prior to release to production.

Control Question

Does the organization require system developers and integrators to create a Security Testing and Evaluation (ST&E) plan and implement the plan under the witness of an independent party?

Control Metadata
Domain: Technology Development & Acquisition

Validation Cadence: Annual

Framework Mappings

This control maps to the following compliance frameworks:

MAS TRM: 6.1.6

HKIA GL20: 4.1, 4.2, 4.3, 6.1, 6.2
