Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-16832 | APP5110 | SV-17832r1_rule | DCSQ-1 | Medium |
Description |
---|
If security flaws are not tracked, they may possibly be forgotten to be included in a release. Tracking flaws in the project plan will help identify code elements to be changed as well as the requested change. |
STIG | Date |
---|---|
Application Security and Development Checklist | 2014-12-22 |
Check Text ( C-17831r1_chk ) |
---|
Ask the application representative to demonstrate how security flaws are integrated into the project plan. If the application is a COTS/GOTS product or is composed of only COTS/GOTS products with no custom code, this check does not apply unless the application is being reviewed by or in conjunction with the COTS/GOTS vendor in which case this check is applicable. 1) If security flaws are not addressed in the project plan or there is no process to introduce security flaws into the project plan, it is a finding. |
Fix Text (F-17149r1_fix) |
---|
Address security flaws in the project plan. |