Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-21519 | APP2135 | SV-23731r1_rule | DCSQ-1 | High |
Description |
---|
Unsupported software products should not be used because of the unknown potential vulnerabilities. Any vulnerability associated with a DoD Information system or system enclave, the exploitation of which, by a risk factor, will directly and immediately result in loss of Confidentiality, Availability or Integrity of the system associated data. Unsupported software where there is no documented acceptance of DAA risk. |
STIG | Date |
---|---|
Application Security and Development Checklist | 2014-12-22 |
Check Text ( C-27014r1_chk ) |
---|
Ask the application representative for the design document. Review the design document for all software components. Ask the application representative for proof that the application and all of its components are supported. Examples of proof may include: design documentation that includes support information, support specific contract documentation, successful creation of vendor support tickets, web site toll free support phone numbers etcetera." If any of the software components are not supported by a vendor, it is a finding. |
Fix Text (F-23084r1_fix) |
---|
Remove or decommission all unsupported software products in the application. |