Alex of Le Blog d’Alex had a good question:
Looking at Unix SRR scripts (January 08 release) I’ve found some PDIs (vulnerabilities) corresponding to IA control number “DSCQ-1”, which I cannot find in DoD Instructions 8500.2 Feb 6 2003 (nor does the DSxx Subject Area appear in table E4.T1).
Do you know what Subject Area corresponds to DSxx? And what IA control is DSCQ-1?
I’ve googled for it and I can’t find anything either.
If you answer, would you mind also answering by email? Thanks in advance.
I don’t think there is a DSCQ. In fact there is no DSXX series of IA Controls. I think that is a typo in the Unix SRR script. A Unix guru security co-worker of mine has found other minor typos in the script as well as tons of false positives.
It looks like the script is actually referring to “DCSQ-1”. Looks like they swapped the “CS”.
DCSQ-1 Software Quality
Software quality requirements and validation methods that are focused on the minimization of flawed or malformed software that can negatively impact integrity or availability (e.g., buffer overruns) are specified for all software
If this is not the case, then I really don’t know what DCSQ could be.
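The same check can be automated when reviewing SRR script output. The sketch below is an added example, not part of the original post or of the SRR scripts: it flags IA control numbers whose two-letter prefix is not one of the eight subject areas in table E4.T1 of DoDI 8500.2 and suggests adjacent-letter swaps that produce a valid prefix. The sample lines and the `audit` and `transposition_candidates` names are constructed for illustration, and a suggestion only means the prefix is valid, so the control still has to be looked up in the instruction.

```python
import re

# Two-letter subject-area prefixes from DoDI 8500.2, table E4.T1.
SUBJECT_AREAS = {"DC", "IA", "EC", "EB", "PE", "PR", "CO", "VI"}

# IA control numbers look like DCSQ-1: four letters, a hyphen, a level digit.
CONTROL_RE = re.compile(r"\b([A-Z]{4})-(\d)\b")


def transposition_candidates(name):
    """Names one adjacent-letter swap away whose prefix is a real subject area."""
    found = []
    for i in range(len(name) - 1):
        if name[i] == name[i + 1]:
            continue  # swapping identical letters changes nothing
        swapped = name[:i] + name[i + 1] + name[i] + name[i + 2:]
        if swapped[:2] in SUBJECT_AREAS and swapped not in found:
            found.append(swapped)
    return found


def audit(lines):
    """Return (line_no, control, suggestions) for controls with an unknown prefix."""
    results = []
    for line_no, line in enumerate(lines, 1):
        for match in CONTROL_RE.finditer(line):
            name, level = match.groups()
            if name[:2] not in SUBJECT_AREAS:
                suggestions = [f"{c}-{level}" for c in transposition_candidates(name)]
                results.append((line_no, match.group(0), suggestions))
    return results


# Constructed sample lines; the PDI labels are placeholders, not real PDI numbers.
SAMPLE = [
    "PDI EXAMPLE-A  IA Control: DCSQ-1",
    "PDI EXAMPLE-B  IA Control: DSCQ-1",
    "PDI EXAMPLE-C  IA Control: ECLP-1",
]

if __name__ == "__main__":
    for line_no, control, suggestions in audit(SAMPLE):
        hint = ", ".join(suggestions) or "no single-swap match"
        print(f"line {line_no}: {control} has no subject area; possible typo for {hint}")
```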