STIGQter: STIG Summary: Test and Development Zone D Security Technical Implementation Guide Version: 1 Release: 5 Benchmark Date: 26 Oct 2018:

The organization must document and gain approval from the Change Control Authority prior to migrating data to DoD operational networks.

DISA Rule

SV-51469r1_rule

Vulnerability Number

V-39611

Group Title

ENTD0120 - Applications moving to operational networks not approved.

Rule Version

ENTD0120

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Create a policy to document all finalized projects to gain approval by the Change Control Authority prior to deploying finalized projects to a DoD operational network.

Check Contents

Review the change control documentation for the environment to determine whether the organization has prior approval to move data from the test and development environment to the operational network after final testing. If the organization does not keep a change control log or the log exists but is not current, this is a finding.

If there isn't any application development occurring in the zone environment, this requirement is not applicable.

Vulnerability Number

V-39611

Documentable

False

Rule Version

ENTD0120

Severity Override Guidance

Review the change control documentation for the environment to determine whether the organization has prior approval to move data from the test and development environment to the operational network after final testing. If the organization does not keep a change control log or the log exists but is not current, this is a finding.

If there isn't any application development occurring in the zone environment, this requirement is not applicable.

Check Content Reference

M

Target Key

1134

Comments