CMMC Practice CA.3.162

Employ a security assessment of enterprise software that has been developed internally, for internal use, and that has been organizationally defined as an area of risk.


CMMC Version 1.02, pg. 232

Bold Coast Security Guidance

This practice applies to organizations that develop software in-house. For Level 3 compliance, an organization must have a comprehensive, formally documented Software Development Lifecycle that includes security testing of the code at each development stage.

Discussion From Source

CMMC: Creating secure software implementations is difficult and requires extra steps to assess the code for security-related vulnerabilities. Security assessment is a process of reviewing software source code in order to identify defects or vulnerabilities within an application. Security assessment may be done using manual or automated techniques.