STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

Access privileges to the Configuration Management (CM) repository must be reviewed every three months.

DISA Rule

SV-222631r508029_rule

Vulnerability Number

V-222631

Group Title

SRG-APP-000516

Rule Version

APSC-DV-003000

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.
CCI-001795 - The organization implements a configuration management plan for the information system that establishes a process for managing the configuration of the configuration items.

Weight

Fix Recommendation

Review access privileges to the CM repository at least every three months.

Check Contents

Review the application system documentation.

Interview the application administrator.

Identify if development of the application is done in house and if application configuration management repository exists.

If application development is not done in house and if a code configuration management repository does not exist, the requirement is not applicable.

Review CM management processes and procedures.

Verify the CM repository access permissions are reviewed at least every three months.

Ask the application administrator or the CM administrator when the last time the CM access privileges were reviewed.

If CM access privileges have not been reviewed within the last three months, this is a finding.

Access privileges to the Configuration Management (CM) repository must be reviewed every three months.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments