Checked | Name | Title |
---|
☐ | SV-51202r1_rule | Network infrastructure and systems supporting the test and development environment must be documented within the organizations accreditation package. |
☐ | SV-51203r1_rule | Network infrastructure and systems supporting the test and development environment must follow DoD certification and accreditation procedures before connecting to a DoD operational network or Internet Service Provider. |
☐ | SV-51291r1_rule | Network infrastructure and systems supporting the test and development environment must be registered in a DoD asset management system. |
☐ | SV-51292r1_rule | Network infrastructure and systems supporting the test and development environment must be managed from a management network. |
☐ | SV-51293r1_rule | The organization must document impersistent connections to the test and development environment with approval by the organizations Authorizing Official. |
☐ | SV-51295r1_rule | Development systems must have antivirus installed and enabled with up-to-date signatures. |
☐ | SV-51296r1_rule | Development systems must have HIDS or HIPS installed and configured with up-to-date signatures. |
☐ | SV-51297r1_rule | Development systems must have a firewall installed, configured, and enabled. |
☐ | SV-51298r1_rule | Development systems must be part of a patch management solution. |
☐ | SV-51299r1_rule | A change management policy must be implemented for application development. |
☐ | SV-51469r1_rule | The organization must document and gain approval from the Change Control Authority prior to migrating data to DoD operational networks. |
☐ | SV-51472r1_rule | Application code must go through a code review prior to deployment into DoD operational networks. |
☐ | SV-51477r1_rule | Access to source code during application development must be restricted to authorized users. |
☐ | SV-51479r2_rule | The organization must sanitize data transferred to test and development environments from DoD operational networks for testing to remove personal and sensitive information exempt from the Freedom of Information Act. |
☐ | SV-51527r1_rule | The test and development environment must not have access to DoD operational networks. |
☐ | SV-51532r1_rule | Tunneling mechanisms must be used for data transmission between interconnected organizations. |
☐ | SV-51533r1_rule | Sensitive data transmitted between interconnected organizations must be encrypted using an approved mechanism for the classification level of the data transmitted. |
☐ | SV-51535r1_rule | The organization must prohibit remote access from external networks to the test and development environment. |
☐ | SV-51539r1_rule | Virtual machines used for application development and testing must not share the same physical host with DoD operational virtual machines. |
☐ | SV-51540r1_rule | Organizations interconnecting test and development environments must have MOAs, MOUs, and SLAs properly documented. |
☐ | SV-54070r1_rule | Data used for testing and development must be downloaded through a secure connection to an IA-compliant system for vulnerability scanning prior to deployment in the test and development environment. |
☐ | SV-56070r1_rule | The organization must create a policy and procedures document for proper handling and transport of data entering (physically or electronically) the test and development environment. |