CCI-003256

The organization requires that developers perform threat modeling for the information system at an organization-defined breadth/depth.