The organization requires that developers performing threat modeling for the information system produce evidence that meets organization-defined acceptance criteria.
No STIG checks reference this CCI.