UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Program Manager will ensure a security incident response process for the application is established that defines reportable incidents and outlines a standard operating procedure for incident response to include Information Operations Condition (INFOCON).


Overview

Finding ID Version Rule ID IA Controls Severity
V-16782 APP2140 SV-17782r1_rule VIIR-1 VIIR-2 Medium
Description
Without a plan, training, and assistance, users will not know what actions needs to be taken in the event of system attack or system/application compromise. This could result in additional compromise and theft, or degraded system capability.
STIG Date
Application Security and Development STIG 2014-04-03

Details

Check Text ( C-17758r1_chk )
Verify that the organization provides or uses an incident support resource that offers advice and assistance to users of the information system for the handling and reporting of security incidents. The support resource must be an integral part of the organization’s incident response capability. This capability is addressed by the DOD CNDSP Program but participation at the organization level must be verified.

Interview the application representative to determine if a security incident response process for the application is established.

1) If a security incident response process for the application is not documented, it is a finding.

Interview the application representative to determine if a security incident response process contains the following:
Identified CNDSP.
Reportable incidents are defined.
INFCON outlined in the incident response standard operating procedures.
A provision exists for user training and annual refresher training.
Establishment of an incident response team.
Procedure for the plan to be exercised annually.

2) If a security incident response process is not adequate, it is a finding.

Interview the application representative to determine if a security incident response process for the application is followed.

3) If a security incident response process for the application is not followed, it is a finding.
Fix Text (F-16980r1_fix)
Fully participate in the DOD CNDSP Program as described in DoD Instruction 8530.2 or develop an Incident response Plan.
Exercise the Incident Response Plan annually.
Provide for user incident response training.
Provide an incident support resource that offers advice and assistance to users for the handling and reporting of security incidents.
The support resource must be an integral part of the organization's incident response capability.