Skip to content

Application Security and Development Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • New IP addresses, data services, and associated ports used by the application must be submitted to the appropriate approving authority for the organization, which in turn will be submitted through the DoD Ports, Protocols, and Services Management (DoD PPSM)

    &lt;VulnDiscussion&gt;Failure to comply with DoD Ports, Protocols, and Services (PPS) Vulnerability Analysis and associated PPS mitigations may res...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • The application must be registered with the DoD Ports and Protocols Database.

    &lt;VulnDiscussion&gt;Failure to register the applications usage of ports, protocols, and services with the DoD PPS Database may result in a Denial...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • Test procedures must be created and at least annually executed to ensure system initialization, shutdown, and aborts are configured to verify the system remains in a secure state.

    &lt;VulnDiscussion&gt;Secure state assurance cannot be accomplished without testing the system state at least annually to ensure the system remains...
    Rule Low Severity
  • The Configuration Management (CM) repository must be properly patched and STIG compliant.

    &lt;VulnDiscussion&gt;A Configuration Management (CM) repository is used to manage application code versions and to securely store application code...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • Access privileges to the Configuration Management (CM) repository must be reviewed every three months.

    &lt;VulnDiscussion&gt;A Configuration Management (CM) repository is used to manage application code versions and to securely store application code...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules