Require the developer of the system, system component, or system service to follow a documented development process that explicitly addresses security requirements.
No STIG checks reference this CCI.