UCF STIG Viewer Logo

The Release Manager will ensure the access privileges to the configuration management (CM) repository are reviewed every 3 months.


Overview

Finding ID Version Rule ID IA Controls Severity
V-16820 APP4010 SV-17820r1_rule ECPC-1 ECPC-2 Low
Description
Incorrect access privileges to the CM repository can lead to malicious code or unintentional code being introduced into the application.
STIG Date
Application Security and Development Checklist 2014-12-22

Details

Check Text ( C-17819r1_chk )
The CM repository access permissions are not reviewed at least every three months.

If the application is a COTS/GOTS product or is composed of only COTS/GOTS products with no custom code, this check does not apply unless the application is being reviewed by or in conjunction with the COTS/GOTS vendor in which case this check is applicable.

Ask the application representative when the last time the access privileges were reviewed.

1) If access privileges were reviewed within the last three months, this is not a finding.
Fix Text (F-17129r1_fix)
Review access privileges to the CM repository at least every three months.