STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

At least one application administrator must be registered to receive update notifications, or security alerts, when automated alerts are available.

DISA Rule

SV-222669r508029_rule

Vulnerability Number

V-222669

Group Title

SRG-APP-000516

Rule Version

APSC-DV-003340

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-001285 - The organization receives information system security alerts, advisories, and directives from organization-defined external organizations on an ongoing basis.

Weight

10

Fix Recommendation

Register administrators to receive update notifications so they can patch and update applications and application components.

Check Contents

Review the components of the application.

Ask the application representative to demonstrate deployment personnel are registered to receive notifications for update notification for all of the application components including custom-developed software, libraries and third-party tools.

If no deployment personnel are registered to receive the alerts, this is a finding.

Vulnerability Number

V-222669

Documentable

False

Rule Version

APSC-DV-003340

Severity Override Guidance

Review the components of the application.

Ask the application representative to demonstrate deployment personnel are registered to receive notifications for update notification for all of the application components including custom-developed software, libraries and third-party tools.

If no deployment personnel are registered to receive the alerts, this is a finding.

Check Content Reference

M

Target Key

4093

Comments