SA-15(7)

Automated Vulnerability Analysis

System and Services Acquisition (SA)
Baselines
Low · Not included
Moderate · Not included
High · Not included
Description

Require the developer of the system, system component, or system service [assignment] to: Perform an automated vulnerability analysis using [assignment]; Determine the exploitation potential for discovered vulnerabilities; Determine potential risk mitigations for delivered vulnerabilities; and Deliver the outputs of the tools and results of the analysis to [assignment].

Discussion

Automated tools can be more effective at analyzing exploitable weaknesses or deficiencies in large and complex systems, prioritizing vulnerabilities by severity, and providing recommendations for risk mitigations.

Implementation guidance

No content available.

CSF 2.0 crosswalk
ID.RA-01 · Vulnerabilities in assets are identified, validated, and recorded · Identify