STIGQter: STIG Summary: Test and Development Zone D Security Technical Implementation Guide Version: 1 Release: 5 Benchmark Date: 26 Oct 2018:

Application code must go through a code review prior to deployment into DoD operational networks.

DISA Rule

SV-51472r1_rule

Vulnerability Number

V-39614

Group Title

ENTD0130 - Code review not completed prior to application deployment.

Rule Version

ENTD0130

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Implement a code review policy for applications before deployment into DoD operational networks.

Check Contents

Determine whether there is a policy in place for code review prior to applications being deployed into a DoD operational network. If a code review policy has not been established, this is a finding.

If there isn't any application development occurring in the zone environment, this requirement is not applicable.

Vulnerability Number

V-39614

Documentable

False

Rule Version

ENTD0130

Severity Override Guidance

Determine whether there is a policy in place for code review prior to applications being deployed into a DoD operational network. If a code review policy has not been established, this is a finding.

If there isn't any application development occurring in the zone environment, this requirement is not applicable.

Check Content Reference

M

Target Key

1134

Comments