Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-70367 | APSC-DV-003130 | SV-84989r1_rule | Low |
Description |
---|
Without test plans and procedures for application releases or updates, unexpected results may occur which could lead to a denial of service to the application or components. This requirement is meant to apply to developers or organizations that are doing development work when releasing a version update or a patch to the application. |
STIG | Date |
---|---|
Application Security and Development Security Technical Implementation Guide | 2020-06-12 |
Check Text ( C-70821r1_chk ) |
---|
If the review is not being done with the developer of the application, this requirement is not applicable. Ask the application representative to provide tests plans, procedures, and results to ensure they are updated for each application release or updates to system patches. If test plans, procedures, and results do not exist, or are not updated for each application release, this is a finding. |
Fix Text (F-76603r1_fix) |
---|
Execute tests plans prior to release or patch update. |