STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The application must isolate security functions from non-security functions.

DISA Rule

SV-222590r508029_rule

Vulnerability Number

V-222590

Group Title

SRG-APP-000233

Rule Version

APSC-DV-002360

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Implement controls within the application that limit access to security configuration functionality and isolate regular application functions from security-oriented functions.

Check Contents

Review the application documentation and interview the application administrator.

Identify if the application utilizes access controls.

Commonly employed access controls include Role-Based Access Control (RBAC), Access Control Lists (ACLs), and Mandatory Access Control (MAC).

Ensure the application utilizes a control structure that is capable of protecting security assets such as policy and configuration settings from unauthorized modification.

If the application does not protect security functions that enforce security policy and protect security configuration settings, this is a finding.
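One way to implement the control structure the fix and check describe, as an added example that is not part of the STIG or any DISA-provided code: a deny-by-default RBAC table in Python in which security-configuration functions live in their own permission domain, separate from ordinary application functions, with a startup check that flags any role spanning both domains and an audit record of every attempt to reach a security function. Role names, permission strings, the sample configuration and the sample principals are hypothetical and constructed for the example.

```python
"""Deny-by-default RBAC that keeps security-configuration functions in their
own permission domain, separate from regular application functions.
Added example; roles, permissions and sample state are hypothetical."""
from dataclasses import dataclass
from enum import Enum
import functools


class Domain(Enum):
    APP = "app"            # ordinary application functionality
    SECURITY = "security"  # policy and security-configuration functionality


@dataclass(frozen=True)
class Principal:
    name: str
    roles: frozenset


# Hypothetical role table: role -> set of (domain, permission).
# Anything not listed here is denied.
ROLE_PERMISSIONS = {
    "user": {(Domain.APP, "order:create"), (Domain.APP, "order:read")},
    "app_admin": {(Domain.APP, "order:create"), (Domain.APP, "order:read"),
                  (Domain.APP, "report:run")},
    "security_admin": {(Domain.SECURITY, "config:read"),
                       (Domain.SECURITY, "config:write"),
                       (Domain.SECURITY, "policy:write")},
}


class Forbidden(Exception):
    pass


AUDIT_LOG = []  # every attempt to reach a security function, allowed or not


def is_allowed(principal, domain, permission):
    """Deny by default: allowed only if some role of the principal grants it."""
    return any((domain, permission) in ROLE_PERMISSIONS.get(role, ())
               for role in principal.roles)


def requires(domain, permission):
    """Enforce the access check at the function boundary, not in the caller."""
    def decorate(fn):
        @functools.wraps(fn)
        def wrapper(principal, *args, **kwargs):
            allowed = is_allowed(principal, domain, permission)
            if domain is Domain.SECURITY:
                AUDIT_LOG.append((principal.name, permission,
                                  "allow" if allowed else "deny"))
            if not allowed:
                raise Forbidden(f"{principal.name} lacks {domain.value}:{permission}")
            return fn(principal, *args, **kwargs)
        return wrapper
    return decorate


def roles_spanning_domains(table=ROLE_PERMISSIONS):
    """Startup check: roles that grant both APP and SECURITY permissions.
    A non-empty result means security functions are not isolated."""
    return sorted(role for role, perms in table.items()
                  if len({domain for domain, _ in perms}) > 1)


# Security-oriented functions over constructed sample configuration.
SECURITY_CONFIG = {"password_min_length": 12, "mfa_required": True}


@requires(Domain.SECURITY, "config:write")
def set_security_setting(principal, key, value):
    SECURITY_CONFIG[key] = value
    return dict(SECURITY_CONFIG)


# Regular application function, kept in the APP domain.
ORDERS = []


@requires(Domain.APP, "order:create")
def create_order(principal, item):
    ORDERS.append((principal.name, item))
    return len(ORDERS)


def demo():
    """Exercise the boundary from each role and return the outcomes."""
    alice = Principal("alice", frozenset({"user"}))
    bob = Principal("bob", frozenset({"app_admin"}))
    carol = Principal("carol", frozenset({"security_admin"}))
    outcome = {"alice_order": create_order(alice, "widget")}
    for who in (alice, bob):  # regular roles must not reach security config
        try:
            set_security_setting(who, "mfa_required", False)
            outcome[who.name + "_config"] = "allowed"
        except Forbidden:
            outcome[who.name + "_config"] = "denied"
    outcome["carol_config"] = set_security_setting(carol, "password_min_length", 16)
    try:  # the security role is not a superset of the application role
        create_order(carol, "widget")
        outcome["carol_order"] = "allowed"
    except Forbidden:
        outcome["carol_order"] = "denied"
    # A role that merges both domains is what the startup check must catch.
    merged = {**ROLE_PERMISSIONS,
              "superuser": ROLE_PERMISSIONS["app_admin"] | ROLE_PERMISSIONS["security_admin"]}
    outcome["mixed_roles"] = roles_spanning_domains(merged)
    return outcome


if __name__ == "__main__":
    print(roles_spanning_domains())
    print(demo())
    print(AUDIT_LOG)
```

The startup check is what makes "isolate" auditable rather than aspirational: if the role table ever lets one role accumulate both domains, the application can refuse to start instead of silently treating the separation as satisfied. When reviewing an application against this rule, ask where the equivalent boundary is enforced, whether policy and configuration writes are reachable through any regular role, and whether attempts to reach them are recorded.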

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4093

Comments