Overview
The CASA requirements are used for all assessment tiers. They span across all assurance levels of the OWASP Application Security Verification Standard (ASVS).
The ASVS requirements are mapped to the MITRE Common Weakness Enumerations (CWEs). Most CASA requirements are mapped to a CWE with a high, medium, or low probability of exploit. The remaining unmapped requirements are architecture-related requirements where CWEs are irrelevant.
For an application to be CASA verified, the developer must pass all CASA requirements that are applicable to their application. Some requirements might be validated by the developer's existing certifications, which are mapped by the CASA accelerator.