STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

Application data protection requirements must be identified and documented.

DISA Rule

SV-222423r508029_rule

Vulnerability Number

V-222423

Group Title

SRG-APP-000323

Rule Version

APSC-DV-000440

Severity

CAT II

CCI(s)

• CCI-002346 - The organization employs organization-defined data mining prevention techniques for organization-defined data storage objects to adequately protect against data mining.

Weight

10

Fix Recommendation

Identify and document the application data elements and the data protection requirements.

Check Contents

Ask the application representative for the documentation that identifies the application data elements, the protection requirements, and any associated steps that are being taken to protect the data.

If the application data protection requirements are not documented, this is a finding.

Vulnerability Number

V-222423

Documentable

False

Rule Version

APSC-DV-000440

Severity Override Guidance

Ask the application representative for the documentation that identifies the application data elements, the protection requirements, and any associated steps that are being taken to protect the data.

If the application data protection requirements are not documented, this is a finding.

Check Content Reference

M

Target Key

4093

Comments