STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The designer must ensure uncategorized or emerging mobile code is not used in applications.

DISA Rule

SV-222665r508029_rule

Vulnerability Number

V-222665

Group Title

SRG-APP-000516

Rule Version

APSC-DV-003300

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-001167 - The organization ensures the development of mobile code to be deployed in information systems meets organization-defined mobile code requirements.

Weight

10

Fix Recommendation

Remove uncategorized or emerging mobile code from the application or obtain a waiver and risk acceptance to operate.

Check Contents

Review the application documentation and interview application administrator.

Determine what mobile code types are used by the application.

If uncategorized mobile code types are found, ask the application administrator to provide the documented waiver and risk acceptance. If the application is using uncategorized or emerging mobile code and there is no waiver provided, this is a finding.

Vulnerability Number

V-222665

Documentable

False

Rule Version

APSC-DV-003300

Severity Override Guidance

Review the application documentation and interview application administrator.

Determine what mobile code types are used by the application.

If uncategorized mobile code types are found, ask the application administrator to provide the documented waiver and risk acceptance. If the application is using uncategorized or emerging mobile code and there is no waiver provided, this is a finding.

Check Content Reference

M

Target Key

4093

Comments