The organization requires the developer of the information system, system component, or information system service to:
SA-15 (7)(a): Perform an automated vulnerability analysis using [Assignment: organization-defined tools];
SA-15 (7)(b): Determine the exploitation potential for discovered vulnerabilities;
SA-15 (7)(c): Determine potential risk mitigations for delivered vulnerabilities; and
SA-15 (7)(d): Deliver the outputs of the tools and results of the analysis to [Assignment: organization-defined personnel or roles].