The designer will ensure development of new mobile code includes measures to mitigate the risks identified.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-16819 | APP3750 | SV-17819r1_rule | DCMC-1 | Medium |
| Description |
|---|
| New mobile code types may introduce unknown vulnerabilities if a risk assessment is not completed prior to the use of mobile code. |
| STIG | Date |
|---|---|
| Application Security and Development Checklist | 2014-12-22 |
Details
| Check Text ( C-17818r1_chk ) |
|---|
| Interview the designer and determine if new mobile code is in development. If no new mobile code is in development, this check is not applicable. 1) If new code is being developed determine and a risk assessment has not been performed, it is a finding. |
| Fix Text (F-17127r1_fix) |
|---|
| Remove mobile code or perform a risk assessment on mobile code. |