Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-16837 | APP6060 | SV-17837r1_rule | DCSD-1 ECSC-1 | High |
Description |
---|
When maintenance no longer exists for an application, there are no individuals responsible for providing security updates. The application is no longer supported, and should be decommissioned. |
STIG | Date |
---|---|
Application Security and Development Checklist | 2014-12-22 |
Check Text ( C-17843r1_chk ) |
---|
Interview the application representative and determine if all the application components are under maintenance. The entire application may be covered by a single maintenance agreement. The application should be decommissioned if maintenance or security support is no longer being provided by the vendor or by the development staff of a custom developed application. 1) If the application or any of the application components are not being maintained, it is a finding. |
Fix Text (F-17157r1_fix) |
---|
Ensure there is maintenance for the application. |