STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The ISSO must report all suspected violations of IA policies in accordance with DoD information system IA procedures.

DISA Rule

SV-222623r508029_rule

Vulnerability Number

V-222623

Group Title

SRG-APP-000516

Rule Version

APSC-DV-002920

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.
CCI-000149 - The organization reports any findings to organization-defined personnel or roles for indications of organization-defined inappropriate or unusual activity.

Weight

Fix Recommendation

Create and maintain a policy to report IA violations.

Check Contents

Interview the application representative and review the SOPs to ensure that violations of IA policies are analyzed and reported.

If there is no policy for reporting IA violations, this is a finding.

Vulnerability Number

V-222623

Documentable

False

Rule Version

APSC-DV-002920

Severity Override Guidance

Interview the application representative and review the SOPs to ensure that violations of IA policies are analyzed and reported.

If there is no policy for reporting IA violations, this is a finding.

Check Content Reference

Target Key

4093

The ISSO must report all suspected violations of IA policies in accordance with DoD information system IA procedures.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments