STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Application Security and Development Security Technical Implementation Guide

V-222652

CAT II (Medium)

Security flaws must be fixed or addressed in the project plan.

Rule ID

SV-222652r961863_rule

STIG

Application Security and Development Security Technical Implementation Guide

Version

V6R4

CCIs

CCI-003178

Discussion

This requirement is meant to apply to developers or organizations that are doing application development work. Application development efforts include the creation of a project plan to track and organize the development work. If security flaws are not tracked within the project plan, it is possible the flaws will be overlooked and included in a release. Tracking flaws in the project plan will help identify code elements to be changed as well as the requested change.

Check Content

This requirement is meant to apply to developers or organizations that are doing application development work. If the organization managing the application is not performing or managing the development of the application the requirement is not applicable.

Ask the application representative to demonstrate how security flaws are integrated into the project plan.

If security flaws are not addressed in the project plan or there is no process to introduce security flaws into the project plan, this is a finding.

Fix Text

Address security flaws within a project plan to ensure they are tracked and addressed by management.