SA-15(07) Automated Vulnerability Analysis
Require the developer of the system, system component, or system service sa-15.07_odp.01 to:
(a) Perform an automated vulnerability analysis using sa-15.07_odp.02;
(b) Determine the exploitation potential for discovered vulnerabilities;
(c) Determine potential risk mitigations for delivered vulnerabilities; and
(d) Deliver the outputs of the tools and results of the analysis to sa-15.07_odp.03.
|sa-15.07_odp.03||personnel or roles|
Automated tools can be more effective at analyzing exploitable weaknesses or deficiencies in large and complex systems, prioritizing vulnerabilities by severity, and providing recommendations for risk mitigations.