Free DISA STIG and SRG Library | Vaulted

V-22055

Application repositories set up on the BES must be DoD-approved.

Finding ID
WIR1345-01
Rule ID
SV-25491r2_rule
Severity
Cat II
CCE
(None)
Group Title
Application repositories
CCI
(None)
Target Key
(None)
Documentable
No
Discussion

A DoD application repository must contain only authorized applications and only approved and unaltered versions of those applications. If DoD-approved application repositories are not used, the integrity of applications in the repository would be unknown.

Fix Text

Application repositories will be located on a DoD-controlled server within a DoD enclave.

Check Content

If no application repositories are set up, this check is Not Applicable. Talk to the site BES administrator. Determine if the site has set up an application repository. If yes, verify the repository is DoD-approved. If the repository is not DoD-approved, this is a finding.

Responsibility

Information Assurance Officer