SA-15(07) Automated Vulnerability Analysis

Require the developer of the system, system component, or system service sa-15.07_odp.01 to:

(a) Perform an automated vulnerability analysis using sa-15.07_odp.02;

(b) Determine the exploitation potential for discovered vulnerabilities;

(c) Determine potential risk mitigations for delivered vulnerabilities; and

(d) Deliver the outputs of the tools and results of the analysis to sa-15.07_odp.03.

Parameter ID Definition
sa-15.07_odp.01 frequency
sa-15.07_odp.02 tools
sa-15.07_odp.03 personnel or roles



Automated tools can be more effective at analyzing exploitable weaknesses or deficiencies in large and complex systems, prioritizing vulnerabilities by severity, and providing recommendations for risk mitigations.

Related controls 2