STIGQter: STIG Summary: Test and Development Zone C Security Technical Implementation Guide Version: 1 Release: 5 Benchmark Date: 26 Oct 2018:

Organizations interconnecting test and development environments must have MOAs, MOUs, and SLAs properly documented.

DISA Rule

SV-51540r1_rule

Vulnerability Number

V-39673

Group Title

ENTD0340 - Approved contracts are not in place between interconnected organizations.

Rule Version

ENTD0340

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Create MOUs, MOAs, and/or SLAs with other interconnected organizations, and then gain approval from the organization’s Authorizing Official and add the documentation to the accreditation package.

Check Contents

Verify Authorizing Official-approved MOAs, MOUs, and SLAs are up to date and included with the organization's accreditation package. If the organization does not have MOAs, MOUs, and/or SLAs with the accreditation package, this is a finding.

Vulnerability Number

V-39673

Documentable

False

Rule Version

ENTD0340

Severity Override Guidance

Verify Authorizing Official-approved MOAs, MOUs, and SLAs are up to date and included with the organization's accreditation package. If the organization does not have MOAs, MOUs, and/or SLAs with the accreditation package, this is a finding.

Check Content Reference

M

Target Key

1133

Comments