STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide, Version: 5, Release: 1, Benchmark Date: 23 Oct 2020

Test procedures must be created and at least annually executed to ensure system initialization, shutdown, and aborts are configured to verify the system remains in a secure state.

DISA Rule

SV-222647r508029_rule

Vulnerability Number

V-222647

Group Title

SRG-APP-000516

Rule Version

APSC-DV-003160

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Create test procedures to test the security state of the application and exercise test procedures annually.

Check Contents

Review the process documentation and interview the admin staff.

Identify if testing procedures exist and if they include annual testing to ensure the application remains in a secure state on initialization, shutdown, and aborts.

Checks should include, at a minimum, attempts to access the application and application configuration settings without credentials or with improper credentials, both locally and remotely.

Dates should be noted as to the last date of testing.

If annual testing procedures do not exist, or if administrators are unable to provide testing dates that indicate the tests were conducted within the last year, this is a finding.

Documentable

False

Check Content Reference

M

Target Key

4093
