STIGQter: STIG Summary: Test and Development Zone D Security Technical Implementation Guide Version: 1 Release: 5 Benchmark Date: 26 Oct 2018:

A change management policy must be implemented for application development.

DISA Rule

SV-51299r1_rule

Vulnerability Number

V-39441

Group Title

ENTD0110 - A change management policy is not implemented.

Rule Version

ENTD0110

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Create a change management policy for the organization for application and system development.

Check Contents

Interview the ISSM/ISSO to determine whether a current Change Control Management policy has been implemented in the organization. If a change management policy has not been created and implemented for the organization, this is a finding.

If there isn't any application development occurring in the zone environment, this requirement is not applicable.

Vulnerability Number

V-39441

Documentable

False

Rule Version

ENTD0110

Severity Override Guidance

Interview the ISSM/ISSO to determine whether a current Change Control Management policy has been implemented in the organization. If a change management policy has not been created and implemented for the organization, this is a finding.

If there isn't any application development occurring in the zone environment, this requirement is not applicable.

Check Content Reference

M

Target Key

1134

Comments