{"id":1826,"date":"2024-08-19T17:06:12","date_gmt":"2024-08-19T17:06:12","guid":{"rendered":"https:\/\/www.tarleton.edu\/security-controls-catalog\/?page_id=1826"},"modified":"2024-09-05T00:43:24","modified_gmt":"2024-09-05T00:43:24","slug":"sa-11-developer-testing-and-evaluation","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/system-and-services-acquisition-sa\/sa-11-developer-testing-and-evaluation\/","title":{"rendered":"SA-11: Developer Testing and Evaluation"},"content":{"rendered":"\n<h1 class=\"wp-block-heading has-large-font-size\">SA-11: Developer Testing and Evaluation<\/h1>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>NIST Baseline: <\/strong>Moderate&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Privacy Baseline: &nbsp;<\/strong>Yes&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>DIR Required By:<\/strong> &nbsp;07\/20\/2023&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Review Date: \u00a0<\/strong>08\/08\/2024\u00a0<\/h2>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>The information resource owner, or designee, shall require the developer of the information resource to document and implement a plan for ongoing security and privacy testing and evaluation.&nbsp;<\/li>\n\n\n\n<li>&nbsp;Security and privacy testing shall be performed periodically based on risk management decisions.&nbsp;<\/li>\n\n\n\n<li>The security and privacy testing and evaluation plan shall include the following elements:&nbsp;\n<ul class=\"wp-block-list\">\n<li>Evidence of the execution of the assessment plan and the results of the testing and evaluation are documented.&nbsp;<\/li>\n\n\n\n<li>A verifiable flaw remediation process.&nbsp;<\/li>\n\n\n\n<li>A remediation plan for correcting flaws identified during testing and evaluation.&nbsp;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><strong>References\/Additional Resources<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/www.commoncriteriaportal.org\/files\/ccfiles\/CCPART3V3.1R5.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">ISO 15408-3<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/doi.org\/10.6028\/NIST.SP.800-30r1\" target=\"_blank\" rel=\"noreferrer noopener\">SP 800-30<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/doi.org\/10.6028\/NIST.SP.800-53Ar4\" target=\"_blank\" rel=\"noreferrer noopener\">SP 800-53A<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-154\/draft\" target=\"_blank\" rel=\"noreferrer noopener\">SP 800-154<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/doi.org\/10.6028\/NIST.SP.800-160v1\" target=\"_blank\" rel=\"noreferrer noopener\">SP 800-160-1<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>SA-11: Developer Testing and Evaluation NIST Baseline: Moderate&nbsp; Privacy Baseline: &nbsp;Yes&nbsp; DIR Required By: &nbsp;07\/20\/2023&nbsp; Review Date: \u00a008\/08\/2024\u00a0 References\/Additional Resources ISO 15408-3&nbsp; SP 800-30&nbsp; SP 800-53A&nbsp; SP 800-154&nbsp; SP 800-160-1&nbsp;<\/p>\n","protected":false},"author":1,"featured_media":580,"parent":1975,"menu_order":9,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-1826","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/author\/brian-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-3\/","display_name":"brian"},"relative_dates":{"created":"Posted 2 years ago","modified":"Updated 2 years ago"},"absolute_dates":{"created":"Posted on August 19, 2024","modified":"Updated on September 5, 2024"},"absolute_dates_time":{"created":"Posted on August 19, 2024 5:06 pm","modified":"Updated on September 5, 2024 12:43 am"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1826","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/comments?post=1826"}],"version-history":[{"count":0,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1826\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1975"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/media?parent=1826"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}