SA-15(7)
Automated Vulnerability Analysis
System and Services Acquisition (SA)
Baselines
Low · Not included
Moderate · Not included
High · Not included
Description
Require the developer of the system, system component, or system service [assignment] to: Perform an automated vulnerability analysis using [assignment]; Determine the exploitation potential for discovered vulnerabilities; Determine potential risk mitigations for delivered vulnerabilities; and Deliver the outputs of the tools and results of the analysis to [assignment].
Discussion
Automated tools can be more effective at analyzing exploitable weaknesses or deficiencies in large and complex systems, prioritizing vulnerabilities by severity, and providing recommendations for risk mitigations.
Implementation guidance
No content available.
CSF 2.0 crosswalk
ID.RA-01 · Vulnerabilities in assets are identified, validated, and recorded · Identify