UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IAO will ensure at least one application administrator has registered to receive update notifications, or security alerts, when automated alerts are available.


Overview

Finding ID Version Rule ID IA Controls Severity
V-16835 APP6040 SV-17835r1_rule DCCT-1 Medium
Description
Administrators should register for updates to all COTS and custom developed software, so when security flaws are identified, they can be tracked for testing and updates of the application can be applied.
STIG Date
Application Security and Development STIG 2014-04-03

Details

Check Text ( C-17841r1_chk )
Review the components of the application. Deployment personnel should be registered to receive updates to all components of the application, such as Web Server, Application Servers, and Database Servers. Also, if update notifications are provided to any custom developed software, deployment personnel should also register for these updates. Ask the application representative to demonstrate deployment personnel are registered to receive notifications for updates to all the application components including and custom developed software.

1) If the application provides automated alerts for update notifications, and no deployment personnel are registered to receive the alerts, it is a finding.
Fix Text (F-17153r1_fix)
Register administrator to receive updates.