The proper application of this standard would enable a system to comply with the following requirements from the Application Security and Development Security Technical Implementation Guide, Version 2, Release 1 [DISA 2008]:

• (APP2060.1: CAT II) The Program Manager will ensure the development team follows a set of coding standards.

• (APP2060.2: CAT II) The Program Manager will ensure the development team creates a list of unsafe functions to avoid and document this list in the coding standards.

• (APP3550: CAT I) The Designer will ensure the application is not vulnerable to integer arithmetic issues.

• (APP3560: CAT I) The Designer will ensure the application does not contain format string vulnerabilities.

• (APP3570: CAT I) The Designer will ensure the application does not allow Command Injection.

• (APP3590.1: CAT I) The Designer will ensure the application does not have buffer overflows.

• (APP3590.2: CAT I) The Designer will ensure the application does not use functions known to be vulnerable to buffer overflows.

• (APP3590.3: CAT II) The Designer will ensure the application does not use signed values for memory allocation where permitted by the programming language.

• (APP3600: CAT II) The Designer will ensure the application has no canonical representation vulnerabilities.

• (APP3630.1: CAT II) The Designer will ensure the application is not vulnerable to race conditions.

• (APP3630.2: CAT III) The Designer will ensure the application does not use global variables when local variables could be used.

Training programmers and software testers on the standard will satisfy requirements:

• (APP2120.3: CAT II) The Program Manager will ensure developers are provided with training on secure design and coding practices on at least an annual basis.

• (APP2120.4: CAT II) The Program Manager will ensure testers are provided annual training.

• (APP2060.3: CAT II) The Designer will follow the established coding standards established for the project.

• (APP2060.4: CAT II) The Designer will not use unsafe functions documented in the project
  coding standards.

• (APP5010: CAT III) The Test Manager will ensure at least one tester is designated to test for security flaws in addition to functional testing.