STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

Security flaws must be fixed or addressed in the project plan.

DISA Rule

SV-222652r508029_rule

Vulnerability Number

V-222652

Group Title

SRG-APP-000516

Rule Version

APSC-DV-003210

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-003178 - The organization requires the developer of the information system, system component, or information system service to correct flaws identified during security testing/evaluation.

Weight

10

Fix Recommendation

Address security flaws within a project plan to ensure they are tracked and addressed by management.

Check Contents

This requirement is meant to apply to developers or organizations that are doing application development work. If the organization managing the application is not performing or managing the development of the application the requirement is not applicable.

Ask the application representative to demonstrate how security flaws are integrated into the project plan.

If security flaws are not addressed in the project plan or there is no process to introduce security flaws into the project plan, this is a finding.

Vulnerability Number

V-222652

Documentable

False

Rule Version

APSC-DV-003210

Severity Override Guidance

This requirement is meant to apply to developers or organizations that are doing application development work. If the organization managing the application is not performing or managing the development of the application the requirement is not applicable.

Ask the application representative to demonstrate how security flaws are integrated into the project plan.

If security flaws are not addressed in the project plan or there is no process to introduce security flaws into the project plan, this is a finding.

Check Content Reference

M

Target Key

4093

Comments