16.3: Perform Root Cause Analysis on Security Vulnerabilities
CSF v1.1 References:
Control is new to this version of the control set.
Control Statement
Perform root cause analysis on security vulnerabilities. When reviewing vulnerabilities, root cause analysis is the task of evaluating underlying issues that create vulnerabilities in code, and allows development teams to move beyond just fixing individual vulnerabilities as they arise.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]