STIGQter STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The application must be configured to use only functions, ports, and protocols permitted to it in the PPSM CAL.

DISA Rule

SV-222519r508029_rule

Vulnerability Number

V-222519

Group Title

SRG-APP-000142

Rule Version

APSC-DV-001510

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the application to utilize application ports approved by the PPSM CAL.

Check Contents

Review the application documentation and configuration.

Interview the application administrator.

Identify the network ports and protocols that are utilized by the application.

Using a combination of relevant OS commands and application configuration utilities identify the TCP/IP port numbers the application is configured to utilize and is utilizing.

Review the PPSM web page at:

http://www.disa.mil/Network-Services/Enterprise-Connections/PPSM

Review the PPSM Category Assurance List (CAL) directly at the following link:

https://disa.deps.mil/ext/cop/iase/ppsm/Pages/cal.aspx

Verify the ports used by the application are approved by the PPSM CAL.

If the ports are not approved by the PPSM CAL, this is a finding.

Vulnerability Number

V-222519

Documentable

False

Rule Version

APSC-DV-001510

Severity Override Guidance

Review the application documentation and configuration.

Interview the application administrator.

Identify the network ports and protocols that are utilized by the application.

Using a combination of relevant OS commands and application configuration utilities identify the TCP/IP port numbers the application is configured to utilize and is utilizing.

Review the PPSM web page at:

http://www.disa.mil/Network-Services/Enterprise-Connections/PPSM

Review the PPSM Category Assurance List (CAL) directly at the following link:

https://disa.deps.mil/ext/cop/iase/ppsm/Pages/cal.aspx

Verify the ports used by the application are approved by the PPSM CAL.

If the ports are not approved by the PPSM CAL, this is a finding.

Check Content Reference

M

Target Key

4093

Comments