The ISSO must report all suspected violations of IA policies in accordance with DoD information system IA procedures.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-70301 | APSC-DV-002920 | SV-84923r1_rule | Medium |
| Description |
|---|
| Violations of IA policies must be reviewed and reported. If there are no policies regarding the reporting of IA violations, IA violations may not be tracked or addressed in a proper manner. |
| STIG | Date |
|---|---|
| Application Security and Development Security Technical Implementation Guide | 2017-01-09 |
Details
| Check Text ( C-70777r1_chk ) |
|---|
| Interview the application representative and review the SOPs to ensure that violations of IA policies are analyzed and reported. If there is no policy for reporting IA violations, this is a finding. |
| Fix Text (F-76537r1_fix) |
|---|
| Create and maintain a policy to report IA violations. |