UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The application server must directly employ or allow the utilization of automated patch management tools to facilitate flaw remediation.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35443 SRG-APP-000271-AS-000172 SV-46730r1_rule Medium
Description
The organization (including any contractor to the organization) shall promptly install security-relevant software updates (e.g., patches, service packs, and hot fixes). Flaws discovered during security assessments, continuous monitoring, incident response activities, or information system error handling shall also be addressed expeditiously. Left un-patched, software may be vulnerable to a variety of exploits that could disclose sensitive information or lead to subsequent security breaches. An automated patch management tool can mitigate this risk.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-43797r1_chk )
Verify the presence of an automated patch management tool. If there is no patch management system or if is not functioning as expected, this is a finding.
Fix Text (F-39987r1_fix)
Incorporate the AS into the automated patch management process.