Security flaws must be fixed or addressed in the project plan.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-70383 | APSC-DV-003210 | SV-85005r1_rule | Medium |
| Description |
|---|
| This requirement is meant to apply to developers or organizations that are doing application development work. Application development efforts include the creation of a project plan to track and organize the development work. If security flaws are not tracked within the project plan, it is possible the flaws will be overlooked and included in a release. Tracking flaws in the project plan will help identify code elements to be changed as well as the requested change. |
| STIG | Date |
|---|---|
| Application Security and Development Security Technical Implementation Guide | 2017-01-09 |
Details
| Check Text ( C-70837r1_chk ) |
|---|
| This requirement is meant to apply to developers or organizations that are doing application development work. If the organization managing the application is not performing or managing the development of the application the requirement is not applicable. Ask the application representative to demonstrate how security flaws are integrated into the project plan. If security flaws are not addressed in the project plan or there is no process to introduce security flaws into the project plan, this is a finding. |
| Fix Text (F-76619r1_fix) |
|---|
| Address security flaws within a project plan to ensure they are tracked and addressed by management. |