From Application Security and Development Security Technical Implementation Guide
Part of ASDV-PL-002970
Associated with: CCI-000363
Not all COTS products are covered by a STIG. Products not covered by a STIG should follow commercially accepted best practices, independent testing results, and vendor lock down guides and recommendations, if they are available.
Review the application documentation to identify application name, features and version. Identify if a DoD STIG or NSA guide is available.

If no STIG is available for the product, the application and application components must be configured by the following as available:
- commercially accepted practices,
- independent testing results, or
- vendor literature and lock down guides.

If the application and application components do not have DoD STIG or NSA guidance available and are not configured according to commercially accepted practices, independent testing results, or vendor literature and lock down guides, this is a finding.
Configure the application according to the product STIG or, when a STIG is not available, utilize:
- commercially accepted practices,
- independent testing results, or
- vendor literature and lock down guides.