STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide, Version: 5, Release: 1, Benchmark Date: 23 Oct 2020

The Configuration Management (CM) repository must be properly patched and STIG compliant.

DISA Rule

SV-222630r508029_rule

Vulnerability Number

V-222630

Group Title

SRG-APP-000516

Rule Version

APSC-DV-002995

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Patch the CM system when new security patches are made available and apply the relevant STIGs.

Check Contents

Review the application system documentation and interview the application administrator.

Identify if the STIG is being applied to application developers or organizations responsible for code management or who have and operate an application CM repository. If this is not the case, the requirement is not applicable.

Review CM patch management processes and procedures. Have the system and CM admins demonstrate their patch management processes and verify the system has the latest security patches applied.

Review the ATO documentation and verify the system that operates the CM repository software has had all relevant STIGs applied.

If the CM repository is not at the latest security patch level and is not operating on a STIG compliant system, this is a finding.

Documentable

False

Check Content Reference

M

Target Key

4093
