Application code must go through a code review prior to deployment into DoD operational networks.


Overview

Finding ID: V-39614
Version: ENTD0130
Rule ID: SV-51472r1_rule
IA Controls: DCSQ-1, ECSC-1, ECSD-1, ECSD-2
Severity: Medium
Description
Prior to release of the application receiving an IATO for deployment into a DoD operational network, the application will have a thorough code review. Along with the proper testing, the code review will specify flaws causing security, compatibility, or reliability concerns that may compromise the operational network.
STIG: Test and Development Zone A Security Technical Implementation Guide
Date: 2015-12-17

Details

Check Text (C-46813r2_chk)
Determine whether there is a policy in place for code review prior to applications being deployed into a DoD operational network. If a code review policy has not been established, this is a finding.

If there isn't any application development occurring in the zone environment, this requirement is not applicable.
Fix Text (F-44666r1_fix)
Implement a code review policy for applications before deployment into DoD operational networks.