16.12: Implement Code-Level Security Checks

CSF v1.1 References:

PR.IP-2

PF v1.0 References:

CT.PO-P4

Threats Addressed:

Elevation of Privilege

Group:

IG3

Control is new to this version of the control set and incorporates the following control from the previous version: 18.7: Apply Static and Dynamic Code Analysis Tools.

Control Statement

Apply static and dynamic analysis tools within the application life cycle to verify that secure coding practices are being followed.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]