Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Application Security and Development Security Technical Implementation Guide
SRG-APP-000516
SRG-APP-000516
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-APP-000516
1 Rule
<GroupDescription></GroupDescription>
The Configuration Management (CM) repository must be properly patched and STIG compliant.
Medium Severity
<VulnDiscussion>A Configuration Management (CM) repository is used to manage application code versions and to securely store application code. Failure to properly apply security patches and secure the software Configuration Management system could affect the confidentiality and integrity of the application source-code. Compromise of the Configuration Management system could lead to unauthorized changes to applications including the addition of malware, root kits, back doors, logic bombs or other malicious functions into valid application code. This requirement is intended to be applied to application developers or organizations responsible for code management or who have and operate an application CM repository.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>