The operating system must employ automated mechanisms or must have an application installed that on an organization-defined frequency determines the state of information system components with regard to flaw remediation.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-51373	OSX8-00-00835	SV-65583r1_rule		Medium

Description
Organizations are required to identify information systems containing software affected by recently announced software flaws (and potential vulnerabilities resulting from those flaws) and report this information to designated organizational officials with information security responsibilities (e.g., senior information security officers, information system security managers, information systems security officers). To support this requirement, an automated process or mechanism is required. This role is usually assigned to patch management software deployed in order to track the number of systems installed in the network, as well as, the types of software installed on these systems, the corresponding versions and the related flaws that require patching. From an operating system requirement perspective, the operating system must perform this or there must be an application installed performing this function.

Description

Organizations are required to identify information systems containing software affected by recently announced software flaws (and potential vulnerabilities resulting from those flaws) and report this information to designated organizational officials with information security responsibilities (e.g., senior information security officers, information system security managers, information systems security officers). To support this requirement, an automated process or mechanism is required. This role is usually assigned to patch management software deployed in order to track the number of systems installed in the network, as well as, the types of software installed on these systems, the corresponding versions and the related flaws that require patching. From an operating system requirement perspective, the operating system must perform this or there must be an application installed performing this function.

STIG	Date
Apple OS X 10.8 (Mountain Lion) Workstation STIG	2015-02-10

Details

Check Text ( C-53713r1_chk )
The system must be defined to use an internal software update server. To check the value of the software update server, run the following command: system_profiler SPConfigurationProfileDataType \| grep "CatalogURL" \| awk '{ print $3 }' \| sed 's/;//' If it is not defined or set to the correct organization-defined value, this is a finding.

Fix Text (F-56173r2_fix)
This should be configured with a configuration profile.