UCF STIG Viewer Logo

Application code must go through a code review prior to deployment into DoD operational networks.


Finding ID Version Rule ID IA Controls Severity
V-39614 ENTD0130 SV-51472r1_rule DCSQ-1 ECSC-1 ECSD-1 ECSD-2 Medium
Prior to release of the application receiving an IATO for deployment into a DoD operational network, the application will have a thorough code review. Along with the proper testing, the code review will specify flaws causing security, compatibility, or reliability concerns that may compromise the operational network.
Test and Development Zone C Security Technical Implementation Guide 2018-09-17


Check Text ( C-46813r2_chk )
Determine whether there is a policy in place for code review prior to applications being deployed into a DoD operational network. If a code review policy has not been established, this is a finding.

If there isn't any application development occurring in the zone environment, this requirement is not applicable.
Fix Text (F-44666r1_fix)
Implement a code review policy for applications before deployment into DoD operational networks.