STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The application must remove organization-defined software components after updated versions have been installed.

DISA Rule

SV-222613r508029_rule

Vulnerability Number

V-222613

Group Title

SRG-APP-000454

Rule Version

APSC-DV-002610

Severity

CAT II

CCI(s)

• CCI-002617 - The organization removes organization-defined software components (e.g., previous versions) after updated versions have been installed.

Weight

10

Fix Recommendation

Configure or design the application to remove old components when updating.

Check Contents

Review the application documentation and interview the application admin to identify application locations on system.

Identify application versions that are installed on the system.

Review the file system structure to see if older versions of the application are still installed.

If old versions of the application or components are still installed on the system, this is a finding.

Vulnerability Number

V-222613

Documentable

False

Rule Version

APSC-DV-002610

Severity Override Guidance

Review the application documentation and interview the application admin to identify application locations on system.

Identify application versions that are installed on the system.

Review the file system structure to see if older versions of the application are still installed.

If old versions of the application or components are still installed on the system, this is a finding.

Check Content Reference

M

Target Key

4093

Comments