SA-11: Developer Testing and Evaluation

An OSCAL Control

Statement

    • Require the developer of the system, system component, or system service, at all post-design stages of the system development life cycle, to:

      • a. Develop and implement a plan for ongoing security and privacy control assessments;

      • b. Perform testing/evaluation at ;

      • c. Produce evidence of the execution of the assessment plan and the results of the testing and evaluation;

      • d. Implement a verifiable flaw remediation process; and

      • e. Correct flaws identified during testing and evaluation.