Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-16836 | APP6050 | SV-17836r1_rule | DCCT-1 | Medium |
Description |
---|
Due to viruses, worms, Trojans, and other malicious software, in addition to inevitable weaknesses in code, the necessity to patch critical vulnerabilities is paramount. As part of the general practice of performing application or system administration, it is imperative that security vulnerabilities from the vendor are monitored and patches are tested and applied. |
STIG | Date |
---|---|
Application Security and Development Checklist | 2014-12-22 |
Check Text ( C-17842r1_chk ) |
---|
Ask the application representative to review the Configuration Management Plan. Ensure procedures exist addressing the test and implementation process for all patches, upgrades, and application deployments. Verify all IPv6 applicable patches have been applied. Verify all vendor provided IPv6 related patches been installed. 1) If required patches are missing, it is a finding. 2) If procedures do not exist or are deficient, it is a finding. |
Fix Text (F-17154r1_fix) |
---|
Install current patches and update configurations. |