STIGQter: STIG Summary: Test and Development Zone D Security Technical Implementation Guide Version: 1 Release: 5 Benchmark Date: 26 Oct 2018:

Access to source code during application development must be restricted to authorized users.

DISA Rule

SV-51477r1_rule

Vulnerability Number

V-39619

Group Title

ENTD0140 - Source code not restricted to authorized individuals.

Rule Version

ENTD0140

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Document all authorized users with access to the development environment and access to source code. If the documentation exists but is not current, bring the documentation up to date.

Check Contents

Review the organization's site security plan and documentation to determine whether there is a list of current authorized users. If a current list of authorized users is missing from the site security plan for the test and development environment, this is a finding.

If there isn't any application development occurring in the zone environment, this requirement is not applicable.

Vulnerability Number

V-39619

Documentable

False

Rule Version

ENTD0140

Severity Override Guidance

Review the organization's site security plan and documentation to determine whether there is a list of current authorized users. If a current list of authorized users is missing from the site security plan for the test and development environment, this is a finding.

If there isn't any application development occurring in the zone environment, this requirement is not applicable.

Check Content Reference

M

Target Key

1134

Comments