| Checked | Name | Title |
|---|
| ☐ | SV-51202r1_rule | Network infrastructure and systems supporting the test and development environment must be documented within the organizations accreditation package. |
| ☐ | SV-51203r1_rule | Network infrastructure and systems supporting the test and development environment must follow DoD certification and accreditation procedures before connecting to a DoD operational network or Internet Service Provider. |
| ☐ | SV-51291r1_rule | Network infrastructure and systems supporting the test and development environment must be registered in a DoD asset management system. |
| ☐ | SV-51292r1_rule | Network infrastructure and systems supporting the test and development environment must be managed from a management network. |
| ☐ | SV-51293r1_rule | The organization must document impersistent connections to the test and development environment with approval by the organizations Authorizing Official. |
| ☐ | SV-51295r1_rule | Development systems must have antivirus installed and enabled with up-to-date signatures. |
| ☐ | SV-51296r1_rule | Development systems must have HIDS or HIPS installed and configured with up-to-date signatures. |
| ☐ | SV-51297r1_rule | Development systems must have a firewall installed, configured, and enabled. |
| ☐ | SV-51298r1_rule | Development systems must be part of a patch management solution. |
| ☐ | SV-51299r1_rule | A change management policy must be implemented for application development. |
| ☐ | SV-51469r1_rule | The organization must document and gain approval from the Change Control Authority prior to migrating data to DoD operational networks. |
| ☐ | SV-51472r1_rule | Application code must go through a code review prior to deployment into DoD operational networks. |
| ☐ | SV-51477r1_rule | Access to source code during application development must be restricted to authorized users. |
| ☐ | SV-51479r2_rule | The organization must sanitize data transferred to test and development environments from DoD operational networks for testing to remove personal and sensitive information exempt from the Freedom of Information Act. |
| ☐ | SV-51526r2_rule | The Zone D test and development environment must be physically separate and isolated from any DoD operational network. |
| ☐ | SV-51527r1_rule | The test and development environment must not have access to DoD operational networks. |
| ☐ | SV-51536r1_rule | Remote access VPNs must prohibit the use of split tunneling on VPN connections. |
| ☐ | SV-51537r1_rule | Remote access into the test and development environment must originate from a non-DoD operational network segment. |
| ☐ | SV-51539r1_rule | Virtual machines used for application development and testing must not share the same physical host with DoD operational virtual machines. |
| ☐ | SV-51541r1_rule | The organization must have a current ISP GIG Waiver for any ISP connections to the test and development environment. |
| ☐ | SV-54070r1_rule | Data used for testing and development must be downloaded through a secure connection to an IA-compliant system for vulnerability scanning prior to deployment in the test and development environment. |
| ☐ | SV-56070r1_rule | The organization must create a policy and procedures document for proper handling and transport of data entering (physically or electronically) the test and development environment. |
STIGQter: STIG Summary: