The Test Manager will ensure the application does not modify data files outside the scope of the application.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-6147	APP5030	SV-6147r1_rule	ECRC-1	Medium

Description
Modifying data or files outside the scope of the application could lead to system instability in the event of an application problem. Also, a problem with this application could effect the operation of another application.

STIG	Date
Application Security and Development Checklist	2014-12-22

Details

Check Text ( C-3054r1_chk )
On each computer in the application infrastructure, search the file system for files created or modified in the past week. If the response is too voluminous (more than 200 files), find the files created or modified in the past day. Search through the list for files and identify those that appear to be outside the scope of the application. Ask the application representative how the file relates to the application. If the application is a COTS/GOTS product or is composed of only COTS/GOTS products with no custom code, this check does not apply unless the application is being reviewed by or in conjunction with the COTS/GOTS vendor in which case this check is applicable. 1) If the creation or modification of the file does not have a clear purpose, it is a finding. The finding details should include the full path of the file. The method described above may not catch all instances of out-of-scope modifications because the file(s) may have been modified prior to the threshold date or because the files may be residing on a system other than those examined. If additional information is obtained later in the review regarding improper modification of files, revisit this check. This information may be uncovered when the reviewer obtains more detailed knowledge of how the application works during subsequent checks.

Check Text ( C-3054r1_chk )

On each computer in the application infrastructure, search the file system for files created or modified in the past week. If the response is too voluminous (more than 200 files), find the files created or modified in the past day. Search through the list for files and identify those that appear to be outside the scope of the application. Ask the application representative how the file relates to the application.

If the application is a COTS/GOTS product or is composed of only COTS/GOTS products with no custom code, this check does not apply unless the application is being reviewed by or in conjunction with the COTS/GOTS vendor in which case this check is applicable.

1) If the creation or modification of the file does not have a clear purpose, it is a finding.

The finding details should include the full path of the file.

The method described above may not catch all instances of out-of-scope modifications because the file(s) may have been modified prior to the threshold date or because the files may be residing on a system other than those examined. If additional information is obtained later in the review regarding improper modification of files, revisit this check. This information may be uncovered when the reviewer obtains more detailed knowledge of how the application works during subsequent checks.

Fix Text (F-17140r1_fix)
Restrict the application to modify data files within the scope of the application.