STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← All Controls

SA-15 (10)

System and Services AcquisitionRev 5organization

Development Process, Standards, and Tools

Control Statement

Require the developer of the system, system component, or system service to provide, implement, and test an incident response plan.

Supplemental Guidance

The incident response plan provided by developers may provide information not readily available to organizations and be incorporated into organizational incident response plans. Developer information may also be extremely helpful, such as when organizations respond to vulnerabilities in commercial off-the-shelf products.

Related Controls (1)

IR-8

CCI Identifiers (3)

CCI-003289Require the developer of the system, system component, or system service to provide an incident response plan.CCI-004831Require the developer of the system, system component, or system service to implement an incident response plan.CCI-004832Require the developer of the system, system component, or system service to test an incident response plan.

Linked STIG Checks (1)

Across 1 STIGs. Click to expand.