STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide, Version: 5, Release: 1, Benchmark Date: 23 Oct 2020

The application development team must follow a set of coding standards.

DISA Rule

SV-222653r561281_rule

Vulnerability Number

V-222653

Group Title

SRG-APP-000516

Rule Version

APSC-DV-003215

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Create and maintain a coding standard process and documentation for developers to follow.

Include programming best practices based on the languages being used for application development. Include items that should be standardized across the team and that deal with how developers write their application code.

Check Contents

This requirement is meant to apply to developers or organizations that are doing application development work. If the organization operating the application under review is not doing the development or managing the development of the application, the requirement is not applicable.

Ask the application representative about their coding standards. Ask for a coding standards document, review the document, and ask the developers whether they are aware of the coding standards and whether they use them. Determine whether the application developers follow the coding standard.

If the developers do not follow a coding standard, or if a coding standard document does not exist, this is a finding.

Documentable

False

Severity Override Guidance

This requirement is meant to apply to developers or organizations that are doing application development work. If the organization operating the application under review is not doing the development or managing the development of the application, the requirement is not applicable.

Ask the application representative about their coding standards. Ask for a coding standards document, review the document, and ask the developers whether they are aware of the coding standards and whether they use them. Determine whether the application developers follow the coding standard.

If the developers do not follow a coding standard, or if a coding standard document does not exist, this is a finding.

Check Content Reference

M

Target Key

4093
