DISA APPLICATION SECURITY AND DEVELOPMENT SECURITY TECHNICAL IMPLEMENTATION GUIDE (STIG) (VER. 2, REL. 1) (24 JUL 2008)

DISA APPLICATION SECURITY AND DEVELOPMENT SECURITY TECHNICAL IMPLEMENTATION GUIDE (STIG) (VER. 2, REL. 1) (24 JUL 2008)., This Application Security and Development Security Technical Implementation Guide (STIG) provides security guidance for use throughout the application development lifecycle. This STIG provides the guidance needed to promote the development, integration, and updating of secure applications. Subjects covered in this document are: development, design, testing, conversions and upgrades for existing applications, maintenance, software configuration management, education, and training. Defense Information Systems Agency (DISA) encourages sites to use these guidelines as early as possible in the application development process. Some vulnerabilities may require significant application changes to correct. The earlier the STIG requirements are integrated into the development lifecycle, the less disruptive the remediation process will be. This document is a requirement for all DoD developed, architected, and administered applications and systems connected to DoD networks. These requirements assist Application Development Program Managers, Application Designers, Release Managers, Security Managers (SMs), Information Assurance Managers (IAMs), Information Assurance Officers (IAOs), and System Administrators (SAs) with configuring and maintaining security controls for applications. The requirements listed can be used to evaluate custom developed applications and Commercial off the Shelf (COTS) software packages as well. Some requirements are not applicable to COTS software packages.