Require the developer of the system, system component, or system service to report findings of security flaws and flaw resolution within the system, component, or service to organization-defined personnel.
No STIG checks reference this CCI.