← Back to catalog
SA-11(6)

Attack Surface Reviews

System and Services Acquisition (SA)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Require the developer of the system, system component, or system service to perform attack surface reviews.

Discussion

Attack surfaces of systems and system components are exposed areas that make those systems more vulnerable to attacks. Attack surfaces include any accessible areas where weaknesses or deficiencies in the hardware, software, and firmware components provide opportunities for adversaries to exploit vulnerabilities. Attack surface reviews ensure that developers analyze the design and implementation changes to systems and mitigate attack vectors generated as a result of the changes. The correction of identified flaws includes deprecation of unsafe functions.

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.