
The application server must directly employ or allow the utilization of automated patch management tools to facilitate flaw remediation.


Overview

Finding ID: V-35443
Version: SRG-APP-000271-AS-000172
Rule ID: SV-46730r1_rule
IA Controls:
Severity: Medium
Description
The organization (including any contractor to the organization) shall promptly install security-relevant software updates (e.g., patches, service packs, and hot fixes). Flaws discovered during security assessments, continuous monitoring, incident response activities, or information system error handling shall also be addressed expeditiously. Left unpatched, software may be vulnerable to a variety of exploits that could disclose sensitive information or lead to subsequent security breaches. An automated patch management tool can mitigate this risk.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text (C-43797r1_chk)
Verify the presence of an automated patch management tool. If there is no patch management system, or if it is not functioning as expected, this is a finding.
Fix Text (F-39987r1_fix)
Incorporate the application server (AS) into the automated patch management process.