IAO-04 - Threat Analysis & Flaw Remediation During Development

Mechanisms exist to require system developers and integrators to create and execute a Security Testing and Evaluation (ST&E) plan, or similar process, to identify and remediate flaws during development.