STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020: STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:SV-222590r508029_rule
V-222590
SRG-APP-000233
APSC-DV-002360
CAT II
10
Implement controls within the application that limits access to security configuration functionality and isolates regular application function from security-oriented function.
Review the application documentation and interview the application administrator.
Identify if the application utilizes access controls.
Commonly employed access controls include Role-Based Access Controls (RBAC), Access Control Lists (ACL) and Mandatory Access Controls (MAC).
Ensure the application utilizes a control structure that is capable of protecting security assets such as policy and configuration settings from unauthorized modification.
If the application does not protect security functions that enforce security policy and protect security configuration settings, this is a finding.
V-222590
False
APSC-DV-002360
Review the application documentation and interview the application administrator.
Identify if the application utilizes access controls.
Commonly employed access controls include Role-Based Access Controls (RBAC), Access Control Lists (ACL) and Mandatory Access Controls (MAC).
Ensure the application utilizes a control structure that is capable of protecting security assets such as policy and configuration settings from unauthorized modification.
If the application does not protect security functions that enforce security policy and protect security configuration settings, this is a finding.
M
4093