
STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

SA-11

System and Services Acquisition, Rev 3

Developer Testing and Evaluation

CCI Identifiers (21)

  • CCI-000702: The organization requires information system developers, in consultation with associated security personnel (including security engineers), to create a security test and evaluation plan.
  • CCI-000703: The organization requires information system developers, in consultation with associated security personnel (including security engineers), to implement a security test and evaluation plan.
  • CCI-000704: The organization requires information system integrators, in consultation with associated security personnel (including security engineers), to create a security test and evaluation plan.
  • CCI-000705: The organization requires information system integrators, in consultation with associated security personnel (including security engineers), to implement a security test and evaluation plan.
  • CCI-000706: The organization requires information system developers, in consultation with associated security personnel (including security engineers), to implement a verifiable flaw remediation process to correct weaknesses and deficiencies identified during the security testing and evaluation process.
  • CCI-000707: The organization requires information system integrators, in consultation with associated security personnel (including security engineers), to implement a verifiable flaw remediation process to correct weaknesses and deficiencies identified during the security testing and evaluation process.
  • CCI-000708: The organization requires information system developers, in consultation with associated security personnel (including security engineers), to document the results of the security testing/evaluation processes.
  • CCI-000709: The organization requires information system developers, in consultation with associated security personnel (including security engineers), to document the results of the security flaw remediation processes.
  • CCI-000710: The organization requires information system integrators, in consultation with associated security personnel (including security engineers), to document the results of the security testing/evaluation processes.
  • CCI-000711: The organization requires information system integrators, in consultation with associated security personnel (including security engineers), to document the results of the security flaw remediation processes.
  • CCI-003171: Require the developer of the system, system component, or system service, at all post-design phases of the system development life cycle, to develop a plan for ongoing security control assessment.
  • CCI-003172: Require the developer of the system, system component, or system service to implement a plan for ongoing security control assessment.
  • CCI-003173: Requires the developer of the system, system component, or system service, at all post-design phases of the system development life cycle, to perform unit, integration, system, and/or regression testing/evaluation on an organization-defined frequency, at an organization-defined depth and coverage.
  • CCI-003174: Defines the depth and coverage at which to perform unit, integration, system, and/or regression testing/evaluation on an organization-defined frequency.
  • CCI-003175: Requires the developer of the system, system component, or system service, at all post-design phases of the system development life cycle, to produce evidence of the execution of the assessment plan.
  • CCI-003176: Requires the developer of the system, system component, or system service, at all post-design phases of the system development life cycle, to produce the results of the testing and evaluation.
  • CCI-003177: Requires the developer of the system, system component, or system service, at all post-design phases of the system development life cycle, to implement a verifiable flaw remediation process.
  • CCI-003178: Requires the developer of the system, system component, or system service, at all post-design phases of the system development life cycle, to correct flaws identified during testing/evaluation.
  • CCI-004798: Require the developer of the system, system component, or system service, at all post-design phases of the system development life cycle, to develop a plan for ongoing privacy control assessment.
  • CCI-004799: Require the developer of the system, system component, or system service to implement a plan for ongoing privacy control assessment.
  • CCI-004800: Defines the frequency that the unit, integration, system, and/or regression testing/evaluation is performed at an organization-defined depth and coverage.

Linked STIG Checks (3)

Across 1 STIG.