SA-11.2: Threat Modeling and Vulnerability Analyses

the developer of the system, system component, or system service is required to perform threat modeling during development of the system, component, or service that uses information ;

the developer of the system, system component, or system service is required to perform vulnerability analyses during development of the system, component, or service that uses information ;

the developer of the system, system component, or system service is required to perform threat modeling during the subsequent testing and evaluation of the system, component, or service that uses information ;

the developer of the system, system component, or system service is required to perform vulnerability analyses during the subsequent testing and evaluation of the system, component, or service that uses information ;

the developer of the system, system component, or system service is required to perform threat modeling during development of the system, component, or service that employs tools and methods ;

the developer of the system, system component, or system service is required to perform threat modeling during the subsequent testing and evaluation of the system, component, or service that employs tools and methods ;

the developer of the system, system component, or system service is required to perform vulnerability analyses during development of the system, component, or service that employs tools and methods ;

the developer of the system, system component, or system service is required to perform vulnerability analyses during the subsequent testing and evaluation of the system, component, or service that employs tools and methods ;

the developer of the system, system component, or system service is required to perform threat modeling at breadth and depth during development of the system, component, or service;

the developer of the system, system component, or system service is required to perform vulnerability analyses during the subsequent testing and evaluation of the system, component, or service that conducts modeling and analyses at breadth and depth ;

the developer of the system, system component, or system service is required to perform threat modeling during development of the system, component, or service that produces evidence that meets acceptance criteria ;

the developer of the system, system component, or system service is required to perform threat modeling during the subsequent testing and evaluation of the system, component, or service that produces evidence that meets acceptance criteria ;

the developer of the system, system component, or system service is required to perform vulnerability analyses during development of the system, component, or service that produces evidence that meets acceptance criteria ;

the developer of the system, system component, or system service is required to perform vulnerability analyses during the subsequent testing and evaluation of the system, component, or service that produces evidence that meets acceptance criteria .