STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The publicly accessible application must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the application.

DISA Rule

SV-222436r508029_rule

Vulnerability Number

V-222436

Group Title

SRG-APP-000070

Rule Version

APSC-DV-000570

Severity

CAT III

CCI(s)

• CCI-001384 - The information system, for publicly accessible systems, displays system use information organization-defined conditions before granting further access.
• CCI-001385 - The information system, for publicly accessible systems, displays references, if any, to monitoring that are consistent with privacy accommodations for such systems that generally prohibit those activities.
• CCI-001386 - The information system, for publicly accessible systems, displays references, if any, to recording that are consistent with privacy accommodations for such systems that generally prohibit those activities.
• CCI-001387 - The information system, for publicly accessible systems, displays references, if any, to auditing that are consistent with privacy accommodations for such systems that generally prohibit those activities.
• CCI-001388 - The information system, for publicly accessible systems, includes a description of the authorized uses of the system.

Weight

10

Fix Recommendation

Configure the application to present the standard DoD-approved banner prior to granting access to the application.

Check Contents

This requirement only applies to publicly accessible applications. If the application is not publicly accessible, this requirement is not applicable.

Access the application and observe the screen to ensure the DoD-approved banner is displayed prior to obtaining full access to the application. Refer to the vulnerability discussion for the approved banner text.

If the standard DoD-approved banner is not displayed prior to obtaining access, this is a finding.

Vulnerability Number

V-222436

Documentable

False

Rule Version

APSC-DV-000570

Severity Override Guidance

This requirement only applies to publicly accessible applications. If the application is not publicly accessible, this requirement is not applicable.

Access the application and observe the screen to ensure the DoD-approved banner is displayed prior to obtaining full access to the application. Refer to the vulnerability discussion for the approved banner text.

If the standard DoD-approved banner is not displayed prior to obtaining access, this is a finding.

Check Content Reference

M

Target Key

4093

Comments