|Edition Number:||2||SCC Approved:||--|
|Edition Date:||2016-09-26||DOD Approved:||--|
|Price Code:||A||ANSI Approved:||--|
1.1 This outline applies to network-connectable products that shall be evaluated and tested for vulnerabilities, software weaknesses and malware.
1.2 This outline describes:
a) Requirements regarding the vendor’s risk management process for their product.
b) Methods by which a product shall be evaluated and tested for the presence of vulnerabilities, software weaknesses and malware.
c) Requirements regarding the presence of security risk controls in the architecture and design of a product.
1.3 This outline does not contain requirements regarding functional testing of a product. This means this outline contains no requirements to verify that the product functions as designed.
1.4 This outline does not contain requirements regarding the hardware contained in a product.