NIST-800-53-SA-11

Developer Security Testing and Evaluation

System and Services Acquisition Policy for 18F

Parameters:
SA-11

unit and integration

SA-11

cloud.gov

a

The security assessment plan is created by the FedRAMP Accredited Third Pary Assessment Organzation (3PAO). It will It will be used for annual assessments conducted by the 3PAO for continuous monitoring of cloud.gov.

b

cloud.gov performs unit and integration testing on the sytem on each deployment.

c

Testing is done automatically and tracked using tools like Nessus, OWASP and Concourse.

d

The process of remediation is by implementing changes to the configuration on configuration management, redeploying and testing.

e

Flaws are identified by automated tools and false positives are marked as such. Covered By:

results matching ""

    No results matching ""