| Field | Value |
| --- | --- |
| Name | Ron Crane |
| Organization | N/A |
| Post Date | 9/30/2005 |
| Section | .20.7 |
| Page no. | |
| Line no. | |

Comment:

13a. The Guidelines' configuration management (code management) requirements are toothless, thus giving rise to significant security holes.

While Vol. II, §7 requires the test lab to audit the vendor's configuration management program for effectiveness, nothing prevents an unscrupulous vendor from bypassing the ostensible procedure once the testers leave the premises.