UCF STIG Viewer Logo

DCSL-1 System Library Management Controls


Overview

System libraries are managed and maintained to protect privileged programs and to prevent or minimize the introduction of unauthorized code.

MAC / CONF Impact Subject Area
MACI
MACII
MACIII
Medium Security Design and Configuration

Details

Threat
Without appropriate library management controls, unauthorized code can intentionally or inadvertently be added to information systems.  Software versioning, access rights, etc. all work towards maintaining a known configuration.

Guidance
1. Libraries shall be controlled by the CCB.
2. Access to libraries shall be restricted to a minimum number of individuals.
3. A library access log shall be maintained, preferably automated.

References

  • IEEE 12207.0, Industry Implementation of International Standard ISO/IEC 12207: 1995 (ISO/IEC 12207)) Standard for Information Technology - Software Life Cycle Processes, 01 March 1998