Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-16782 | APP2140 | SV-17782r1_rule | VIIR-1 VIIR-2 | Medium |
Description |
---|
Without a plan, training, and assistance, users will not know what actions needs to be taken in the event of system attack or system/application compromise. This could result in additional compromise and theft, or degraded system capability. |
STIG | Date |
---|---|
Application Security and Development Checklist | 2014-12-22 |
Check Text ( C-17758r1_chk ) |
---|
Verify that the organization provides or uses an incident support resource that offers advice and assistance to users of the information system for the handling and reporting of security incidents. The support resource must be an integral part of the organization’s incident response capability. This capability is addressed by the DOD CNDSP Program but participation at the organization level must be verified. Interview the application representative to determine if a security incident response process for the application is established. 1) If a security incident response process for the application is not documented, it is a finding. Interview the application representative to determine if a security incident response process contains the following: Identified CNDSP. Reportable incidents are defined. INFCON outlined in the incident response standard operating procedures. A provision exists for user training and annual refresher training. Establishment of an incident response team. Procedure for the plan to be exercised annually. 2) If a security incident response process is not adequate, it is a finding. Interview the application representative to determine if a security incident response process for the application is followed. 3) If a security incident response process for the application is not followed, it is a finding. |
Fix Text (F-16980r1_fix) |
---|
Fully participate in the DOD CNDSP Program as described in DoD Instruction 8530.2 or develop an Incident response Plan. Exercise the Incident Response Plan annually. Provide for user incident response training. Provide an incident support resource that offers advice and assistance to users for the handling and reporting of security incidents. The support resource must be an integral part of the organization's incident response capability. |