At least one application administrator must be registered to receive update notifications, or security alerts, when automated alerts are available.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-70417	APSC-DV-003340	SV-85039r1_rule		Low

Description
Administrators should register for updates to all COTS and custom-developed software, so when security flaws are identified, they can be tracked for testing and updates of the application can be applied. Admin personnel should be registered to receive updates to all components of the application, such as Web Server, Application Servers, and Database Servers. Also, if update notifications are provided for any custom-developed software, libraries or third-party tools, deployment personnel must also register for these updates.

Description

Administrators should register for updates to all COTS and custom-developed software, so when security flaws are identified, they can be tracked for testing and updates of the application can be applied. Admin personnel should be registered to receive updates to all components of the application, such as Web Server, Application Servers, and Database Servers. Also, if update notifications are provided for any custom-developed software, libraries or third-party tools, deployment personnel must also register for these updates.

STIG	Date
Application Security and Development Security Technical Implementation Guide	2018-12-24

Details

Check Text ( C-70871r1_chk )
Review the components of the application. Ask the application representative to demonstrate deployment personnel are registered to receive notifications for update notification for all of the application components including custom-developed software, libraries and third-party tools. If no deployment personnel are registered to receive the alerts, this is a finding.

Fix Text (F-76653r1_fix)
Register administrators to receive update notifications so they can patch and update applications and application components.