UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Program Manager will ensure all products are supported by the vendor or the development team.


Overview

Finding ID Version Rule ID IA Controls Severity
V-21519 APP2135 SV-23731r1_rule DCSQ-1 High
Description
Unsupported software products should not be used because of the unknown potential vulnerabilities. Any vulnerability associated with a DoD Information system or system enclave, the exploitation of which, by a risk factor, will directly and immediately result in loss of Confidentiality, Availability or Integrity of the system associated data. Unsupported software where there is no documented acceptance of DAA risk.
STIG Date
Application Security and Development STIG 2014-04-03

Details

Check Text ( C-27014r1_chk )
Ask the application representative for the design document. Review the design document for all software components. Ask the application representative for proof that the application and all of its components are supported. Examples of proof may include: design documentation that includes support information, support specific contract documentation, successful creation of vendor support tickets, web site toll free support phone numbers etcetera."
If any of the software components are not supported by a vendor, it is a finding.
Fix Text (F-23084r1_fix)
Remove or decommission all unsupported software products in the application.