UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Test Manager will ensure flaws found during a code review are tracked in a defect tracking system.


Overview

Finding ID Version Rule ID IA Controls Severity
V-16830 APP5090 SV-17830r1_rule DCSQ-1 Medium
Description
If flaws are not tracked they may possibly be forgotten to be included in a release. Tracking flaws in the configuration management repository will help identify code elements to be changed, as well as the requested change.
STIG Date
Application Security and Development Checklist 2014-12-22

Details

Check Text ( C-17829r1_chk )
Ask the application representative to demonstrate that the configuration management repository captures flaws in the code review process. The configuration management repository may consist of a separate application for capturing code defects.

If the application is a COTS/GOTS product or is composed of only COTS/GOTS products with no custom code, this check does not apply unless the application is being reviewed by or in conjunction with the COTS/GOTS vendor in which case this check is applicable.

1) If there is no configuration management repository or the code review flaws are not captured in the configuration management repository, it is a finding.
Fix Text (F-17147r1_fix)
Track flaws found during a code review.