Systems residing in a Zone A test/development environment are not STIG compliant. POA&Ms are not in place to address any open findings for systems.

Part of Zone A systems not STIG compliant.

Associated with IA controls: ECSC-1

SV-15072r1_rule Systems residing in a Zone A test/development environment are not STIG compliant. POA&Ms are not in place to address any open findings for systems.

Vulnerability discussion

Zone A systems require external (live/production) access to perform their final stage testing. This zone requires full compliance with the appropriate STIGs and utilizes a Connection Approval Process (CAP). All incoming/outgoing network connections will be controlled and configured in accordance with the STIGs. No external to internal network initiated connections will be authorized unless utilizing a STIG compliant DMZ. Zone A systems may mirror a live, production environment for final stage testing and development.

Check content

Review the connection approval documentation to ensure systems residing in Zone A are required to be STIG compliant. Review a sampling of systems within Zone A.

Fix text

The IAO will ensure all systems that reside in Zone A are fully STIG compliant. STIG compliant means that all open findings are either closed on a system, or there is a POA&M to address any open findings.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.