Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-222623 | APSC-DV-002920 | SV-222623r864408_rule | Medium |
Description |
---|
Violations of IA policies must be reviewed and reported. If there are no policies regarding the reporting of IA violations, IA violations may not be tracked or addressed in a proper manner. |
STIG | Date |
---|---|
Application Security and Development Security Technical Implementation Guide | 2022-09-21 |
Check Text ( C-24293r493777_chk ) |
---|
Interview the application representative and review the SOPs to ensure that violations of IA policies are analyzed and reported. If there is no policy for reporting IA violations, this is a finding. |
Fix Text (F-24282r493778_fix) |
---|
Create and maintain a policy to report IA violations. |