
The organization must document and gain approval from the Change Control Authority prior to migrating data to DoD operational networks.


Overview

Finding ID: V-39611
Version: ENTD0120
Rule ID: SV-51469r1_rule
IA Controls: ECSC-1, ECSD-1, ECSD-2
Severity: Medium
Description
Without the approval of the Change Control Authority, data moved from the test and development network into an operational network could pose a risk of containing malicious code or cause other unintended consequences to live operational data. Data moving into operational networks from final stage preparation must always be vetted and approved.
STIG: Test and Development Zone A Security Technical Implementation Guide
Date: 2018-09-17

Details

Check Text (C-46796r3_chk)
Review the change control documentation for the environment to determine whether the organization has prior approval to move data from the test and development environment to the operational network after final testing. If the organization does not keep a change control log or the log exists but is not current, this is a finding.

If there isn't any application development occurring in the zone environment, this requirement is not applicable.
Fix Text (F-44627r2_fix)
Create a policy to document all finalized projects to gain approval by the Change Control Authority prior to deploying finalized projects to a DoD operational network.