Require the developer of the system, system component, or system service, at all post-design phases of the system development life cycle, to develop a plan for ongoing security control assessment.
No STIG checks reference this CCI.