SV-222666r508029_rule
V-222666
SRG-APP-000516
APSC-DV-003310
CAT II
10
Remove sensitive data from production database exports.
Review the application documentation and identify the existence of databases within the application architecture.
Ask the application admin to identify when data exports from this database are imported to test or development databases.
If no data is exported to test or development databases, this check is not applicable.
If there are such data exports, ask if the production database includes data identified by the data owner as sensitive, such as passwords, financial, personnel, personal, HIPAA, Privacy Act, or classified data.
If any database exports include sensitive data and that data is not sanitized or removed prior to or immediately after import to the development database, this is a finding.
V-222666
False
APSC-DV-003310
M
4093