Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-39611 | ENTD0120 | SV-51469r1_rule | ECSC-1 ECSD-1 ECSD-2 | Medium |
Description |
---|
Without the approval of the Change Control Authority, data moved from the test and development network into an operational network could pose a risk of containing malicious code or cause other unintended consequences to live operational data. Data moving into operational networks from final stage preparation must always be vetted and approved. |
STIG | Date |
---|---|
Test and Development Zone C Security Technical Implementation Guide | 2018-09-17 |
Check Text ( C-46796r3_chk ) |
---|
Review the change control documentation for the environment to determine whether the organization has prior approval to move data from the test and development environment to the operational network after final testing. If the organization does not keep a change control log or the log exists but is not current, this is a finding. If there isn't any application development occurring in the zone environment, this requirement is not applicable. |
Fix Text (F-44627r2_fix) |
---|
Create a policy to document all finalized projects to gain approval by the Change Control Authority prior to deploying finalized projects to a DoD operational network. |