SA-15(07) Automated Vulnerability Analysis

Require the developer of the system, system component, or system service sa-15.07_odp.01 to:

(a) Perform an automated vulnerability analysis using sa-15.07_odp.02;

(b) Determine the exploitation potential for discovered vulnerabilities;

(c) Determine potential risk mitigations for delivered vulnerabilities; and

(d) Deliver the outputs of the tools and results of the analysis to sa-15.07_odp.03.

Parameter ID       Definition
sa-15.07_odp.01    frequency
sa-15.07_odp.02    tools
sa-15.07_odp.03    personnel or roles

Baselines

Guidance

Automated tools can be more effective at analyzing exploitable weaknesses or deficiencies in large and complex systems, prioritizing vulnerabilities by severity, and providing recommendations for risk mitigations.