STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020

The applications must limit privileges to change the software resident within software libraries.

DISA Rule

SV-222514r508029_rule

Vulnerability Number

V-222514

Group Title

SRG-APP-000133

Rule Version

APSC-DV-001440

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the application OS file permissions to restrict access to software libraries and configure the application to restrict user access regarding software library update functionality to only authorized users or processes.

Check Contents

Review the application documentation and interview the application administrator to identify the application architecture.

Identify application folders where application libraries are stored.

Review permissions of application folders and library files contained within the folders to ensure file permissions restrict access to authorized users or processes.

Access application configuration settings.

Examine settings for capability to update software libraries or extend application functionality via the application.

Review user roles and access rights within the application to determine if access to this capability is restricted to authorized users.

If file restrictions do not limit write access to library files and if the application does not restrict access to library update functionality, this is a finding.
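
An added example, not part of the STIG text: a POSIX shell function that automates the file-permission portion of this check by listing library files and folders that are group- or world-writable, or not owned by the authorized account. The function name, the finding labels and the use of a single authorized owner are assumptions; the review of application roles and update functionality still has to be done by hand.

```sh
#!/bin/sh
# Added example (not from the STIG): audit a software library folder for
# write access beyond the authorized owner.
# Assumptions: one authorized owner account; labels are illustrative.
# Usage: sh audit_lib_perms.sh <library_dir> <authorized_owner>

audit_lib_perms() {
    lib_dir=$1
    owner=$2

    # Return 2 when the path cannot be audited at all.
    [ -d "$lib_dir" ] || { echo "not a directory: $lib_dir" >&2; return 2; }

    findings=$(
        # Files AND folders count: a writable folder lets a user replace
        # the library files inside it. Symlinks are skipped because their
        # own mode bits do not control access.
        find "$lib_dir" ! -type l \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/WRITABLE_BY_GROUP_OR_OTHER /'

        # Anything owned by another account is writable by that account.
        find "$lib_dir" ! -type l ! -user "$owner" -print |
            sed 's/^/UNEXPECTED_OWNER /'
    )

    # Return 0 when write access is limited to the owner, 1 otherwise.
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run the audit only when both arguments are supplied on the command line.
if [ "$#" -ge 2 ]; then
    audit_lib_perms "$1" "$2"
fi
```

A non-empty result only covers the first half of the finding condition; group write access may still be acceptable where the group contains only authorized processes, so review each reported line against the documented architecture.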

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4093
