Application Security and Development Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
At least one tester must be designated to test for security flaws in addition to functional testing.
<VulnDiscussion>If there is no person designated to test for security flaws, vulnerabilities can potentially be missed during testing. This ...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
An application code review must be performed on the application.
<VulnDiscussion>A code review is a systematic evaluation of computer source code conducted for the purposes of identifying and remediating th...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
Code coverage statistics must be maintained for each release of the application.
<VulnDiscussion>This requirement is meant to apply to developers or organizations that are doing application development work. Code coverage...Rule Low Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
Flaws found during a code review must be tracked in a defect tracking system.
<VulnDiscussion>This requirement is meant to apply to developers or organizations that are doing application development work. If flaws are ...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
The changes to the application must be assessed for IA and accreditation impact prior to implementation.
<VulnDiscussion>When changes are made to an application, either in the code or in the configuration of underlying components such as the OS o...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.