Check: APSC-DV-003130
Application Security and Development STIG:
APSC-DV-003130
(in versions v5 r3 through v4 r2)
Title
Prior to each release of the application, updates to system, or applying patches; tests plans and procedures must be created and executed. (Cat III impact)
Discussion
Without test plans and procedures for application releases or updates, unexpected results may occur which could lead to a denial of service to the application or components. This requirement is meant to apply to developers or organizations that are doing development work when releasing a version update or a patch to the application.
Check Content
If the review is not being done with the developer of the application, this requirement is not applicable. Ask the application representative to provide tests plans, procedures, and results to ensure they are updated for each application release or updates to system patches. If test plans, procedures, and results do not exist, or are not updated for each application release, this is a finding.
Fix Text
Execute tests plans prior to release or patch update.
Additional Identifiers
Rule ID: SV-222644r879887_rule
Vulnerability ID: V-222644
Group Title: SRG-APP-000516
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000366 |
The organization implements the security configuration settings. |
| CCI-003004 |
The organization implements a process for ensuring that organizational plans for conducting security testing associated with organizational information systems continue to be executed in a timely manner. |