Skip to content
Catalogs
XCCDF
Application Security and Development Security Technical Implementation Guide
SRG-APP-000516
A Configuration Control Board (CCB) that meets at least every release cycle, for managing the Configuration Management (CM) process must be established.
A Configuration Control Board (CCB) that meets at least every release cycle, for managing the Configuration Management (CM) process must be established. An XCCDF Rule
A Configuration Control Board (CCB) that meets at least every release cycle, for managing the Configuration Management (CM) process must be established.
Medium Severity
<VulnDiscussion>Software Configuration Management (SCM) is very important in tracking code releases, baselines, and managing access to the configuration management repository. An SCM plan or charter identifies what should be under configuration management control. Without an SCM plan and a CCB, application releases can't be tracked and vulnerabilities can be inserted intentionally or unintentionally into the code base of the application.
This requirement is intended to be applied to application developers or organizations responsible for code management or who have and operate an application CM repository.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>