STIGQter: STIG Summary: Test and Development Zone D Security Technical Implementation Guide Version: 1 Release: 5 Benchmark Date: 26 Oct 2018:

Network infrastructure and systems supporting the test and development environment must follow DoD certification and accreditation procedures before connecting to a DoD operational network or Internet Service Provider.

DISA Rule

SV-51203r1_rule

Vulnerability Number

V-39345

Group Title

ENTD0020 - The test and development infrastructure does not follow a CAP.

Rule Version

ENTD0020

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Certify and accredit the test and development infrastructure and supporting systems connecting to the DISN. Keep the IATO with the organization's accreditation package.

Check Contents

Review the accreditation package documentation to verify the test and development environment has been granted an IATO to connect to the DISN. If an IATO has not been granted, this is a finding.

If the zone environment does not have any connectivity to the DISN or commercial ISP, this requirement is not applicable.

Vulnerability Number

V-39345

Documentable

False

Rule Version

ENTD0020

Severity Override Guidance

Review the accreditation package documentation to verify the test and development environment has been granted an IATO to connect to the DISN. If an IATO has not been granted, this is a finding.

If the zone environment does not have any connectivity to the DISN or commercial ISP, this requirement is not applicable.

Check Content Reference

M

Responsibility

Information Assurance Manager

Target Key

1134

Comments