Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-16786 | APP3110 | SV-17786r1_rule | DCSD-1 | Medium |
Description |
---|
If functionality that is not required for operation of the application is enabled, it may be exploited without anyone's knowledge, because no one requires or uses that functionality. |
STIG | Date |
---|---|
Application Security and Development Checklist | 2014-12-22 |
Check Text (C-17771r1_chk) |
---|
Ask the application representative to review the installation guide to determine what functionality is installed and enabled by default on installation of the application. Examples may include the following: functions that send information back to the vendor; e-mail functions enabled when not required for functionality. 1) If the application installs with functionality which is unnecessary and enabled by default, it is a finding. |
Fix Text (F-16993r1_fix) |
---|
Remove or disable unnecessary functionality. |