STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

Code coverage statistics must be maintained for each release of the application.

DISA Rule

SV-222649r508029_rule

Vulnerability Number

V-222649

Group Title

SRG-APP-000516

Rule Version

APSC-DV-003180

Severity

CAT III

CCI(s)

• CCI-003188 - The organization defines the specific code for which the developer of the information system, system component, or information system service is required to perform a manual code review using organization-defined process, procedures, and/or techniques.
• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Track application testing and maintain statistics that show how much of the application function was tested.

Check Contents

If the organization does not do or manage the application development work for the application, this requirement is not applicable.

Ask the application representative to provide code coverage statistics maintained for the application.

If these code coverage statistics do not exist, this is a finding.

Vulnerability Number

V-222649

Documentable

False

Rule Version

APSC-DV-003180

Severity Override Guidance

If the organization does not do or manage the application development work for the application, this requirement is not applicable.

Ask the application representative to provide code coverage statistics maintained for the application.

If these code coverage statistics do not exist, this is a finding.

Check Content Reference

M

Target Key

4093

Comments