
III - Administrative Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000516

    Group
  • Code coverage statistics must be maintained for each release of the application.

    This requirement is meant to apply to developers or organizations that are doing application development work. Code coverage...
    Rule Low Severity
  • SRG-APP-000516

    Group
  • Flaws found during a code review must be tracked in a defect tracking system.

    This requirement is meant to apply to developers or organizations that are doing application development work. If flaws are ...
    Rule Medium Severity
  • SRG-APP-000516

    Group
  • The changes to the application must be assessed for IA and accreditation impact prior to implementation.

    When changes are made to an application, either in the code or in the configuration of underlying components such as the OS o...
    Rule Medium Severity
  • SRG-APP-000516

    Group
  • Security flaws must be fixed or addressed in the project plan.

    This requirement is meant to apply to developers or organizations that are doing application development work. Application d...
    Rule Medium Severity
  • SRG-APP-000516

    Group
  • The application development team must follow a set of coding standards.

    Coding standards are guidelines established by the development team or individual developers that recommend programming style...
    Rule Low Severity
  • SRG-APP-000516

    Group
  • The designer must create and update the Design Document for each release of the application.

    This requirement is meant to apply to developers or organizations that are doing application development work. The applicati...
    Rule Low Severity
  • SRG-APP-000516

    Group
  • Threat models must be documented and reviewed for each application release and updated as required by design and functionality changes or when new threats are discovered.

    Threat modeling is an approach for analyzing the security of an application. It is a structured approach that enables you to ...
    Rule Medium Severity
  • SRG-APP-000516

    Group
  • The application must not be subject to error handling vulnerabilities.

    Error handling is the failure to check the return values of functions or catch top level exceptions within a program. Imprope...
    Rule Medium Severity
  • SRG-APP-000516

    Group
  • The application development team must provide an application incident response plan.

    An application incident response process is managed by the development team and should include a method for individuals to su...
    Rule Medium Severity
  • SRG-APP-000516

    Group
  • All products must be supported by the vendor or the development team.

    Unsupported commercial and government developed software products should not be used because fixes to newly identified bugs w...
    Rule High Severity
