Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-16820 | APP4010 | SV-17820r1_rule | ECPC-1 ECPC-2 | Low |
Description |
---|
Incorrect access privileges to the CM repository can lead to malicious code or unintentional code being introduced into the application. |
STIG | Date |
---|---|
Application Security and Development Checklist | 2014-12-22 |
Check Text ( C-17819r1_chk ) |
---|
The CM repository access permissions are not reviewed at least every three months. If the application is a COTS/GOTS product or is composed of only COTS/GOTS products with no custom code, this check does not apply unless the application is being reviewed by or in conjunction with the COTS/GOTS vendor in which case this check is applicable. Ask the application representative when the last time the access privileges were reviewed. 1) If access privileges were reviewed within the last three months, this is not a finding. |
Fix Text (F-17129r1_fix) |
---|
Review access privileges to the CM repository at least every three months. |