ECSD-1 Software Development Change Controls


Overview

Change controls for software development are in place to prevent unauthorized programs or modifications to programs from being implemented.

MAC / CONF: MACIII
Impact: Medium
Subject Area: Enclave Computing Environment

Details

Threat
The integrity of computer systems is at risk if software development change controls are not established and implemented. A Configuration Management (CM) plan greatly reduces the risk of unauthorized program modification.

Guidance
1. A CM plan shall be established and implemented, and the CM plan shall include how software change requests (SCRs) are prepared, submitted, processed, and tracked.
2. The IAM/IAO and the site’s lead developer/programmer shall authorize and document the roles, responsibilities, and privileges for all personnel allowed to make software development changes.
3. The System Administrator shall institute access controls limiting the software developer accounts to the minimum number of privileges needed to perform their assigned duties.

References

  • NIST SP 800-12, An Introduction to Computer Security: The NIST Handbook, October 1995
  • DISA, Recommended Standard Application Security Requirements Version 2, March 2003
  • DISA, Application Security Checklist, Version 2.0, Release 1.5, 28 January 2005