Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The Release Manager will ensure the access privileges to the configuration management (CM) repository are reviewed every 3 months.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-16820 | APP4010 | SV-17820r1_rule | ECPC-1 ECPC-2 | Low |
| Description |
|---|
| Incorrect access privileges to the CM repository can lead to malicious code or unintentional code being introduced into the application. |
| STIG | Date |
|---|---|
| Application Security and Development STIG | 2014-04-03 |
Details
| Check Text ( C-17819r1_chk ) |
|---|
| The CM repository access permissions are not reviewed at least every three months. If the application is a COTS/GOTS product or is composed of only COTS/GOTS products with no custom code, this check does not apply unless the application is being reviewed by or in conjunction with the COTS/GOTS vendor in which case this check is applicable. Ask the application representative when the last time the access privileges were reviewed. 1) If access privileges were reviewed within the last three months, this is not a finding. |
| Fix Text (F-17129r1_fix) |
|---|
| Review access privileges to the CM repository at least every three months. |