Require the developer of the system, system component, or system service to perform a manual code review of organization-defined specific code using organization-defined processes, procedures, and/or techniques.