STIGQter STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The application must retain the Standard Mandatory DoD Notice and Consent Banner on the screen until users acknowledge the usage conditions and take explicit actions to log on for further access.

DISA Rule

SV-222435r508029_rule

Vulnerability Number

V-222435

Group Title

SRG-APP-000069

Rule Version

APSC-DV-000560

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the application to retain the standard DoD-approved banner until the user accepts the usage conditions prior to granting access to the application.

Check Contents

If the application has no interactive user interface, this requirement is not applicable.

If the user interface is only available via the OS console, e.g., a fat client application installed on a GFE desktop or laptop, and that GFE is configured to display the DoD banner, this requirement is not applicable.

Access the application and authenticate if necessary. Verify the banner is displayed and action must be taken to accept terms of use.

If the banner is not displayed or no action must be taken to accept terms of use, this is a finding.

Vulnerability Number

V-222435

Documentable

False

Rule Version

APSC-DV-000560

Severity Override Guidance

If the application has no interactive user interface, this requirement is not applicable.

If the user interface is only available via the OS console, e.g., a fat client application installed on a GFE desktop or laptop, and that GFE is configured to display the DoD banner, this requirement is not applicable.

Access the application and authenticate if necessary. Verify the banner is displayed and action must be taken to accept terms of use.

If the banner is not displayed or no action must be taken to accept terms of use, this is a finding.

Check Content Reference

M

Target Key

4093

Comments