graphgrc

SCF - TDA-09 - Cybersecurity & Data Privacy Testing Throughout Development

Mechanisms exist to require system developers/integrators consult with cybersecurity & data privacy personnel to:

• Create and implement a Security Test and Evaluation (ST&E) plan;
• Implement a verifiable flaw remediation process to correct weaknesses and deficiencies identified during the security testing and evaluation process; and
• Document the results of the security testing/evaluation and flaw remediation processes.

  Mapped framework controls

  ISO 27002

• A.8.25
• A.8.29
• A.8.30

NIST 800-53

• SA-11

Control questions

Does the organization require system developers/integrators consult with cybersecurity & data privacy personnel to:

• Create and implement a Security Test and Evaluation (ST&E) plan;
• Implement a verifiable flaw remediation process to correct weaknesses and deficiencies identified during the security testing and evaluation process; and
• Document the results of the security testing/evaluation and flaw remediation processes?

This site is open source. Improve this page.