The ISSO must report all suspected violations of IA policies in accordance with DoD information system IA procedures.

From Application Security and Development Security Technical Implementation Guide

Part of ASDV-PL-002920

Associated with: CCI-000149

SV-84923r1_rule The ISSO must report all suspected violations of IA policies in accordance with DoD information system IA procedures.

Vulnerability discussion

Violations of IA policies must be reviewed and reported. If there are no policies regarding the reporting of IA violations, IA violations may not be tracked or addressed in a proper manner.

Check content

Interview the application representative and review the SOPs to ensure that violations of IA policies are analyzed and reported. If there is no policy for reporting IA violations, this is a finding.

Fix text

Create and maintain a policy to report IA violations.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer