The IAO will report all suspected violations of IA policies in accordance with DoD information system IA procedures.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-16842 | APP6120 | SV-17842r1_rule | ECAT-2 | Medium |
| Description |
|---|
| All potential sources are monitored for suspected violations of IA policies. If there are not policies regarding the reporting of IA violations, some IA violations may not be tracked or dealt with in a proper manner. |
| STIG | Date |
|---|---|
| Application Security and Development Checklist | 2014-12-22 |
Details
| Check Text ( C-17849r1_chk ) |
|---|
| Interview the application representative and review the SOPs to ensure that violations of IA policies are analyzed and reported. 1) If there is no policy reporting IA violations, it is a finding. |
| Fix Text (F-17164r1_fix) |
|---|
| Establish an IA policy for reporting violations. |