STIGQter STIGQter: STIG Summary: Web Policy STIG Version: 1 Release: 1 Benchmark Date: 28 Oct 2011: The sensitivity level of all data for publication on a production web site is known and documented.

DISA Rule

SV-28771r1_rule

Vulnerability Number

V-23835

Group Title

Data sensitivity documented

Rule Version

WEBPL025

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Acquire the data sensitivity level and security category of information published on a production web site.

Check Contents

It is not the responsibility of the hosting agency to document the data sensitivity level and security category of the hosted information. It is the responsibility of the information owner to provide this documentation to the IAO of the hosting agency.

If this documentation is not in the possession of the IAO, this is a finding.

Vulnerability Number

V-23835

Documentable

False

Rule Version

WEBPL025

Severity Override Guidance

It is not the responsibility of the hosting agency to document the data sensitivity level and security category of the hosted information. It is the responsibility of the information owner to provide this documentation to the IAO of the hosting agency.

If this documentation is not in the possession of the IAO, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Comments