DISA APPLICATION SECURITY AND DEVELOPMENT SECURITY TECHNICAL IMPLEMENTATION GUIDE (STIG) (VER. 2, REL. 1) (24 JUL 2008)
This Application Security and Development Security Technical Implementation Guide (STIG)
provides security guidance for use throughout the application development lifecycle. This STIG
provides the guidance needed to promote the development, integration, and updating of secure
applications. Subjects covered in this document are: development, design, testing, conversions
and upgrades for existing applications, maintenance, software configuration management,
education, and training. Defense Information Systems Agency (DISA) encourages sites to use
these guidelines as early as possible in the application development process. Some vulnerabilities
may require significant application changes to correct. The earlier the STIG requirements are
integrated into the development lifecycle, the less disruptive the remediation process will be.

This document is a requirement for all DoD developed, architected, and administered
applications and systems connected to DoD networks. These requirements assist Application
Development Program Managers, Application Designers, Release Managers, Security Managers
(SMs), Information Assurance Managers (IAMs), Information Assurance Officers (IAOs), and
System Administrators (SAs) with configuring and maintaining security controls for
applications. The requirements listed can be used to evaluate custom developed applications and
Commercial off the Shelf (COTS) software packages as well. Some requirements are not
applicable to COTS software packages.