STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The application must not be hosted on a general purpose machine if the application is designated as critical or high availability by the ISSO.

DISA Rule

SV-222635r508029_rule

Vulnerability Number

V-222635

Group Title

SRG-APP-000516

Rule Version

APSC-DV-003040

Severity

CAT II

CCI(s)

• CCI-002828 - The organization identifies critical information system assets supporting essential missions.
• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Deploy mission critical applications on servers that are not shared by other less critical applications.

Check Contents

Ask the application representative to review the servers where the application is deployed.

Ask what other applications are deployed on those servers.

Identify the criticality of the applications installed on the system.

If a mission critical application is deployed onto the same server as non-mission critical applications, this is a finding.

Vulnerability Number

V-222635

Documentable

False

Rule Version

APSC-DV-003040

Severity Override Guidance

Ask the application representative to review the servers where the application is deployed.

Ask what other applications are deployed on those servers.

Identify the criticality of the applications installed on the system.

If a mission critical application is deployed onto the same server as non-mission critical applications, this is a finding.

Check Content Reference

M

Target Key

4093

Comments