Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The organization must sanitize data transferred to test and development environments from DoD operational networks for testing to remove personal and sensitive information exempt from the Freedom of Information Act.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-39621 | ENTD0150 | SV-51479r2_rule | Medium |
| Description |
|---|
| If DoD production data is transferred to a test and development environment and personal or sensitive information has not been sanitized from the data, personal or sensitive information could be exposed or compromised. |
| STIG | Date |
|---|---|
| Test and Development Zone A Security Technical Implementation Guide | 2018-09-17 |
Details
| Check Text ( C-46799r3_chk ) |
|---|
| Determine the data type on systems within the test and development environment. Interview the ISSM or ISSO regarding the connection approval process for housing DoD live operational data or Privacy Act information on any test or development system. If the test and development environment is using live DoD data or Privacy Act information, this is a finding. |
| Fix Text (F-44637r2_fix) |
|---|
| Create organizational policies and procedures to prohibit the use of any live operational DoD data or Privacy Act information in the test and development environment. |