UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

DCCT-1 Compliance Testing


Overview

A comprehensive set of procedures is implemented that tests all patches, upgrades, and new AIS applications prior to deployment.

MAC / CONF Impact Subject Area
MACI
MACII
MACIII
Medium Security Design and Configuration

Details

Threat
Most information systems throughout an organization are unique.  Patches, upgrades, and new applications can behave quite differently when applied across disparate systems.  It is paramount that steps be taken to maintain the stability of the production IS.  Proper compliance testing provides a reasonable level of assurance that system changes will achieve expected results.

Guidance
1. Each component shall implement a comprehensive set of  test procedures that verify modifications to fielded systems will not be negatively impacted by the introduction of patches, upgrades, or modification.
2. Identify need for upgrade by monitoring appropriate channels such as vendor sites, mailing lists, third party sources, vulnerability scans or other means of detection.
3. Patches shall come from an approved trusted source and be tested and deployed in a timely manner.
4. Follow all prescribed installation procedures associated with the upgrade.

References

  • NIST SP 800-40, Procedures for Handling Security Patches. August 2002
  • DoDI 8500.2, Information Assurance (IA) Implementation, para E3.2.4, E3.2.5.7, 06 February 2003