STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The application must utilize organization-defined data mining detection techniques for organization-defined data storage objects to adequately detect data mining attempts.

DISA Rule

SV-222424r508029_rule

Vulnerability Number

V-222424

Group Title

SRG-APP-000324

Rule Version

APSC-DV-000450

Severity

CAT II

CCI(s)

CCI-002347 - The organization employs organization-defined data mining detection techniques for organization-defined data storage objects to adequately detect data mining attempts.

Weight

Fix Recommendation

Utilize and implement data mining protections when requirements specify it.

Check Contents

Review the security plan, application and system documentation and interview the application administrator to identify data mining protections that are required of the application.

If there are no data mining protections required, this requirement is not applicable.

Review the application authentication requirements and permissions.

Review documented protections that have been established to protect from data mining.

This can include limiting the number of queries allowed.

Automated alarming on atypical query events.

Limiting the number of records allowed to be returned in a query.

Not allowing data dumps.

If the application requirements specify protections for data mining and the application administrator is unable to identify or demonstrate that the protections are in place, this is a finding.

The application must utilize organization-defined data mining detection techniques for organization-defined data storage objects to adequately detect data mining attempts.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments