STIGQter STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The application must be configured to disable non-essential capabilities.

DISA Rule

SV-222518r508029_rule

Vulnerability Number

V-222518

Group Title

SRG-APP-000141

Rule Version

APSC-DV-001500

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Disable application extraneous application functionality that is not required in order to fulfill the application's mission.

Check Contents

Review the application guidance, application requirements documentation, and interview the application administrator.

Identify the application's operational requirements and what services the application is intended to provide users.

Review the overall application features and functionality via the user interface.

Review and identify installed application software modules via configuration settings.

Using the relevant OS commands, identify services running on the system and have the application administrator identify the services related to the application.

If the application is operating with extraneous capabilities that have not been defined as required in order to meet mission objectives, this is a finding.

Vulnerability Number

V-222518

Documentable

False

Rule Version

APSC-DV-001500

Severity Override Guidance

Review the application guidance, application requirements documentation, and interview the application administrator.

Identify the application's operational requirements and what services the application is intended to provide users.

Review the overall application features and functionality via the user interface.

Review and identify installed application software modules via configuration settings.

Using the relevant OS commands, identify services running on the system and have the application administrator identify the services related to the application.

If the application is operating with extraneous capabilities that have not been defined as required in order to meet mission objectives, this is a finding.

Check Content Reference

M

Target Key

4093

Comments