STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

Procedures must be in place to notify users when an application is decommissioned.

DISA Rule

SV-222660r508029_rule

Vulnerability Number

V-222660

Group Title

SRG-APP-000516

Rule Version

APSC-DV-003260

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-003374 - The organization documents approval for the continued use of unsupported system components required to satisfy mission/business needs.

Weight

10

Fix Recommendation

Create and establish procedures to notify users when an application is decommissioned.

Check Contents

Interview the application representative to determine if provisions are in place to notify users when an application is decommissioned.

If provisions are not in place to notify users when an application is decommissioned, this is a finding.

Vulnerability Number

V-222660

Documentable

False

Rule Version

APSC-DV-003260

Severity Override Guidance

Interview the application representative to determine if provisions are in place to notify users when an application is decommissioned.

If provisions are not in place to notify users when an application is decommissioned, this is a finding.

Check Content Reference

M

Target Key

4093

Comments