UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Test Manager will ensure a code review is performed before the application is released.


Overview

Finding ID Version Rule ID IA Controls Severity
V-16829 APP5080 SV-17829r1_rule DCSQ-1 Medium
Description
Code reviews should be done prior to an application release. Code reviews can be done any time during the software development lifecycle, but it is important to perform code reviews with code that will be released as part of the application.
STIG Date
Application Security and Development Checklist 2013-07-16

Details

Check Text ( C-17828r1_chk )
Ask the application representative to provide evidence of code reviews.

If the application is a COTS/GOTS product or is composed of only COTS/GOTS products with no custom code, this check does not apply unless the application is being reviewed by or in conjunction with the COTS/GOTS vendor in which case this check is applicable.

1) If code is not being reviewed or only some application components are being reviewed, it is a finding.

2) If the code reviews indicate hard-coded IPv4 or IPV6 addresses, it is a finding.
Fix Text (F-17146r1_fix)
Perform manual code reviews or use automated code review tools.