SYSTEM DEVELOPER SECURITY TESTING - 5315.4

Policy: Each state entity shall require that system developers create and implement a security test and evaluation plan as part of the system design and build. When a contract is required, it shall specify the acceptance criteria for security test and evaluation plans and vulnerability remediation processes.

Implementation Controls:  NIST SP 800-53: System and Services Acquisition (SA)