STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← SA-15 (4) — Threat Modeling and Vulnerability Analysis

CCI-003256

Definition

The organization requires that developers perform threat modeling for the information system at an organization-defined breadth/depth.

Parent Control

SA-15 (4)Threat Modeling and Vulnerability AnalysisSystem and Services Acquisition

Linked STIG Checks (1)

V-222655CAT IIThreat models must be documented and reviewed for each application release and updated as required by design and functionality changes or when new threats are discovered.Application Security and Development Security Technical Implementation Guide