16.3: Perform Root Cause Analysis on Security Vulnerabilities

CSF v1.1 References:


Info icon.

Control is new to this version of the control set.

Control Statement

Perform root cause analysis on security vulnerabilities. When reviewing vulnerabilities, root cause analysis is the task of evaluating underlying issues that create vulnerabilities in code, and allows development teams to move beyond just fixing individual vulnerabilities as they arise.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]