UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Security flaws must be fixed or addressed in the project plan.


Overview

Finding ID Version Rule ID IA Controls Severity
V-70383 APSC-DV-003210 SV-85005r1_rule Medium
Description
This requirement is meant to apply to developers or organizations that are doing application development work. Application development efforts include the creation of a project plan to track and organize the development work. If security flaws are not tracked within the project plan, it is possible the flaws will be overlooked and included in a release. Tracking flaws in the project plan will help identify code elements to be changed as well as the requested change.
STIG Date
Application Security and Development Security Technical Implementation Guide 2018-04-03

Details

Check Text ( C-70837r1_chk )
This requirement is meant to apply to developers or organizations that are doing application development work. If the organization managing the application is not performing or managing the development of the application the requirement is not applicable.

Ask the application representative to demonstrate how security flaws are integrated into the project plan.

If security flaws are not addressed in the project plan or there is no process to introduce security flaws into the project plan, this is a finding.
Fix Text (F-76619r1_fix)
Address security flaws within a project plan to ensure they are tracked and addressed by management.