← Back to catalog
SA-11(4)

Manual Code Reviews

System and Services Acquisition (SA)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Require the developer of the system, system component, or system service to perform a manual code review of [assignment] using the following processes, procedures, and/or techniques: [assignment].

Discussion

Manual code reviews are usually reserved for the critical software and firmware components of systems. Manual code reviews are effective at identifying weaknesses that require knowledge of the application’s requirements or context that, in most cases, is unavailable to automated analytic tools and techniques, such as static and dynamic analysis. The benefits of manual code review include the ability to verify access control matrices against application controls and review detailed aspects of cryptographic implementations and controls.

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.