From Test and Development Zone D Security Technical Implementation Guide
Part of ENTD0120 - Applications moving to operational networks not approved.
Associated with IA controls: ECSC-1, ECSD-2, ECSD-1
Without the approval of the Change Control Authority, data moved from the test and development network into an operational network could pose a risk of containing malicious code or cause other unintended consequences to live operational data. Data moving into operational networks from final stage preparation must always be vetted and approved.
Review the change control documentation for the environment to determine whether the organization has prior approval to move data from the test and development environment to the operational network after final testing. If the organization does not keep a change control log or the log exists but is not current, this is a finding. If there isn't any application development occurring in the zone environment, this requirement is not applicable.
Create a policy to document all finalized projects to gain approval by the Change Control Authority prior to deploying finalized projects to a DoD operational network.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer