Application Security and Development Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The application development team must provide an application incident response plan.
<VulnDiscussion>An application incident response process is managed by the development team and should include a method for individuals to su...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
All products must be supported by the vendor or the development team.
<VulnDiscussion>Unsupported commercial and government developed software products should not be used because fixes to newly identified bugs w...Rule High Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
The application must be decommissioned when maintenance or support is no longer available.
<VulnDiscussion>Unsupported software products should not be used because fixes to newly identified bugs will not be implemented by the vendor...Rule High Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
Procedures must be in place to notify users when an application is decommissioned.
<VulnDiscussion>When maintenance no longer exists for an application, there are no individuals responsible for making security updates. The a...Rule Low Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
Unnecessary built-in application accounts must be disabled.
<VulnDiscussion>Default passwords and properties of built-in accounts are often publicly available. Anyone with necessary knowledge, internal...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.