| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1607 - Developer Security Testing And Evaluation | Dynamic Code Analysis | ||
| Id | 976a74cf-b192-4d35-8cab-2068f272addb | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this System and Services Acquisition control | ||
| Additional metadata |
Name/Id: ACF1607 / Microsoft Managed Control 1607 Category: System and Services Acquisition Title: Developer Security Testing And Evaluation | Dynamic Code Analysis Ownership: Customer, Microsoft Description: The organization requires the developer of the information system, system component, or information system service to employ dynamic code analysis tools to identify common flaws and document the results of the analysis. Requirements: Code reviews are performed as part of the Microsoft Security Development Lifecycle (SDL), including use of the automated dynamic code analysis tools. Azure scans with a web-based "black box" web application vulnerability scanning service and a tool to test SSL/TLS based endpoints for compliance with encryption in-transit requirements. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|