STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The application must be decommissioned when maintenance or support is no longer available.

DISA Rule

SV-222659r508029_rule

Vulnerability Number

V-222659

Group Title

SRG-APP-000516

Rule Version

APSC-DV-003250

Severity

CAT I

CCI(s)

• CCI-003376 - The organization replaces information system components when support for the components is no longer available from the developer, vendor, or manufacturer.
• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Ensure there is maintenance for the application.

Check Contents

Interview the application representative and determine if all the application components are under maintenance contract. The entire application may be covered by a single maintenance agreement. The application should be decommissioned if maintenance or security support is no longer being provided by the vendor or by the development staff of a custom developed application.

If the application or any of the application components are not being maintained, this is a finding.

Vulnerability Number

V-222659

Documentable

False

Rule Version

APSC-DV-003250

Severity Override Guidance

Interview the application representative and determine if all the application components are under maintenance contract. The entire application may be covered by a single maintenance agreement. The application should be decommissioned if maintenance or security support is no longer being provided by the vendor or by the development staff of a custom developed application.

If the application or any of the application components are not being maintained, this is a finding.

Check Content Reference

M

Target Key

4093

Comments