STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

Prior to each release of the application, updates to system, or applying patches; tests plans and procedures must be created and executed.

DISA Rule

SV-222644r508029_rule

Vulnerability Number

V-222644

Group Title

SRG-APP-000516

Rule Version

APSC-DV-003130

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-003004 - The organization implements a process for ensuring that organizational plans for conducting security testing associated with organizational information systems continue to be executed in a timely manner.

Weight

10

Fix Recommendation

Execute tests plans prior to release or patch update.

Check Contents

If the review is not being done with the developer of the application, this requirement is not applicable.

Ask the application representative to provide tests plans, procedures, and results to ensure they are updated for each application release or updates to system patches.

If test plans, procedures, and results do not exist, or are not updated for each application release, this is a finding.

Vulnerability Number

V-222644

Documentable

False

Rule Version

APSC-DV-003130

Severity Override Guidance

If the review is not being done with the developer of the application, this requirement is not applicable.

Ask the application representative to provide tests plans, procedures, and results to ensure they are updated for each application release or updates to system patches.

If test plans, procedures, and results do not exist, or are not updated for each application release, this is a finding.

Check Content Reference

M

Target Key

4093

Comments