| Checked | Name | Title |
|---|
| ☐ | SV-51202r1_rule | Network infrastructure and systems supporting the test and development environment must be documented within the organizations accreditation package. |
| ☐ | SV-51203r1_rule | Network infrastructure and systems supporting the test and development environment must follow DoD certification and accreditation procedures before connecting to a DoD operational network or Internet Service Provider. |
| ☐ | SV-51291r1_rule | Network infrastructure and systems supporting the test and development environment must be registered in a DoD asset management system. |
| ☐ | SV-51292r1_rule | Network infrastructure and systems supporting the test and development environment must be managed from a management network. |
| ☐ | SV-51293r1_rule | The organization must document impersistent connections to the test and development environment with approval by the organizations Authorizing Official. |
| ☐ | SV-51294r1_rule | Application development must not occur on DoD operational network segments. |
| ☐ | SV-51295r1_rule | Development systems must have antivirus installed and enabled with up-to-date signatures. |
| ☐ | SV-51296r1_rule | Development systems must have HIDS or HIPS installed and configured with up-to-date signatures. |
| ☐ | SV-51297r1_rule | Development systems must have a firewall installed, configured, and enabled. |
| ☐ | SV-51298r1_rule | Development systems must be part of a patch management solution. |
| ☐ | SV-51299r1_rule | A change management policy must be implemented for application development. |
| ☐ | SV-51469r1_rule | The organization must document and gain approval from the Change Control Authority prior to migrating data to DoD operational networks. |
| ☐ | SV-51472r1_rule | Application code must go through a code review prior to deployment into DoD operational networks. |
| ☐ | SV-51477r1_rule | Access to source code during application development must be restricted to authorized users. |
| ☐ | SV-51479r2_rule | The organization must sanitize data transferred to test and development environments from DoD operational networks for testing to remove personal and sensitive information exempt from the Freedom of Information Act. |
| ☐ | SV-51485r1_rule | The test and development infrastructure must use a gateway to separate access to DoD operational networks. |
| ☐ | SV-51487r1_rule | Ports, protocols, and services visible to DoD operational networks or ISPs must follow DoDI 8551.1 policy. |
| ☐ | SV-51494r1_rule | The test and development infrastructure must use a firewall for traffic inspection to and from DoD operational networks. |
| ☐ | SV-51525r1_rule | The test and development infrastructure must use a DMZ to import and export data between test and development environments and DoD operational networks. |
| ☐ | SV-51528r1_rule | Logical separation must occur between testing and development network segments within the same test and development environment. |
| ☐ | SV-51529r1_rule | Access control lists between development and testing network segments within a test and development environment must be in a deny-by-default posture. |
| ☐ | SV-51530r1_rule | Access control lists between the test and development environment and DoD operational networks must be in a deny-by-default posture. |
| ☐ | SV-51531r1_rule | Access control lists between the test and development environments must be in a deny-by-default posture. |
| ☐ | SV-51534r1_rule | Remote access into the test and development environment must use an encryption mechanism approved for the classification level of the network. |
| ☐ | SV-51536r1_rule | Remote access VPNs must prohibit the use of split tunneling on VPN connections. |
| ☐ | SV-51539r1_rule | Virtual machines used for application development and testing must not share the same physical host with DoD operational virtual machines. |
| ☐ | SV-54070r1_rule | Data used for testing and development must be downloaded through a secure connection to an IA-compliant system for vulnerability scanning prior to deployment in the test and development environment. |
| ☐ | SV-56070r1_rule | The organization must create a policy and procedures document for proper handling and transport of data entering (physically or electronically) the test and development environment. |
STIGQter: STIG Summary: