Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-39614 | ENTD0130 | SV-51472r1_rule | DCSQ-1 ECSC-1 ECSD-1 ECSD-2 | Medium |
Description |
---|
Prior to release of the application receiving an IATO for deployment into a DoD operational network, the application will have a thorough code review. Along with the proper testing, the code review will specify flaws causing security, compatibility, or reliability concerns that may compromise the operational network. |
STIG | Date |
---|---|
Test and Development Zone A Security Technical Implementation Guide | 2015-12-17 |
Check Text (C-46813r2_chk) |
---|
Determine whether there is a policy in place for code review prior to applications being deployed into a DoD operational network. If a code review policy has not been established, this is a finding. If there isn't any application development occurring in the zone environment, this requirement is not applicable. |
Fix Text (F-44666r1_fix) |
---|
Implement a code review policy for applications before deployment into DoD operational networks. |