SA-11(03) Independent Verification of Assessment Plans and Evidence
(a) Require an independent agent satisfying sa-11.03_odp to verify the correct implementation of the developer security and privacy assessment plans and the evidence produced during testing and evaluation; and
(b) Verify that the independent agent is provided with sufficient information to complete the verification process or granted the authority to obtain such information.
Parameter ID | Definition |
---|---|
sa-11.03_odp | independence criteria |
Baselines
- L
- M
- H
- P
Guidance
Independent agents have the qualifications—including the expertise, skills, training, certifications, and experience—to verify the correct implementation of developer security and privacy assessment plans.
Related controls
- AT-03 Role-based Training L M H P
- RA-05 Vulnerability Monitoring and Scanning L M H P