SV-222513r561248_rule
V-222513
SRG-APP-000131
APSC-DV-001430
CAT II
10
Design and configure the application to have the capability to prevent unsigned patches and packages from being installed.
Provide a cryptographic hash value that can be verified by a system administrator prior to installation.
Review the application documentation and interview the application administrator to determine the process and commands used for patching the application.
Access application configuration settings.
Review commands and procedures used to patch the application and ensure a capability exists to prevent unsigned patches from being applied.
If the application is not capable of preventing installation of patches and packages that are not signed, or if the vendor does not provide a cryptographic hash value that can be manually checked prior to installation, this is a finding.
False
M
4093