IA Control Typo: DCSQ-1 Unix SRR script

by Bruce Brown

Alex of Le Blog d’Alex had a good question:

Looking at Unix SRR scripts (January 08 release) I’ve found some PDIs (vulnerabilities) corresponding to IA control number “DSCQ-1”, which I cannot find in DoD Instruction 8500.2 Feb 6 2003 (nor does the DSxx Subject Area appear in table E4.T1).

Do you know what Subject Area corresponds to DSxx? And what IA control is DSCQ-1?

I’ve googled for it and I can’t find anything either.

If you answer, would you mind also answering by email? Thanks in advance.

I don’t think there is a DSCQ. In fact there is no DSXX series of IA Controls. I think that is a typo in the Unix SRR script. A Unix guru security co-worker of mine has found other minor typos in the script as well as tons of false positives.

It looks like the script is actually referring to “DCSQ-1”. Looks like they swapped the “CS”.

DCSQ-1 Software Quality

Software quality requirements and validation methods that are focused on the minimization of flawed or malformed software that can negatively impact integrity or availability (e.g., buffer overruns) are specified for all software development initiatives.
DoD 8500.2

If this is not the case then I really don’t know what DCSQ could be.

1 Comment on IA Control Typo: DCSQ-1 Unix SRR script

  1. Alex Dumont
    March 15, 2008 at 1:25 pm (11 years ago)

    Thanks a lot for the answer. It makes a lot of sense.

