An error occurred:

Check: APSC-DV-002920

Application Security and Development STIG: APSC-DV-002920 (in versions v5 r3 through v4 r2)

Title

The ISSO must report all suspected violations of IA policies in accordance with DoD information system IA procedures. (Cat II impact)

Discussion

Violations of IA policies must be reviewed and reported. If there are no policies regarding the reporting of IA violations, IA violations may not be tracked or addressed in a proper manner.

Check Content

Interview the application representative and review the SOPs to ensure that violations of IA policies are analyzed and reported. If there is no policy for reporting IA violations, this is a finding.

Fix Text

Create and maintain a policy to report IA violations.

Additional Identifiers

Rule ID: SV-222623r879887_rule

Vulnerability ID: V-222623

Group Title: SRG-APP-000516

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000149

The organization reports any findings to organization-defined personnel or roles for indications of organization-defined inappropriate or unusual activity.
CCI-000366

The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-6

Audit Review, Analysis, And Reporting
CM-6

Configuration Settings