Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The application server must directly employ or allow the utilization of automated patch management tools to facilitate flaw remediation.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35443 | SRG-APP-000271-AS-000172 | SV-46730r1_rule | Medium |
| Description |
|---|
| The organization (including any contractor to the organization) shall promptly install security-relevant software updates (e.g., patches, service packs, and hot fixes). Flaws discovered during security assessments, continuous monitoring, incident response activities, or information system error handling shall also be addressed expeditiously. Left un-patched, software may be vulnerable to a variety of exploits that could disclose sensitive information or lead to subsequent security breaches. An automated patch management tool can mitigate this risk. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43797r1_chk ) |
|---|
| Verify the presence of an automated patch management tool. If there is no patch management system or if is not functioning as expected, this is a finding. |
| Fix Text (F-39987r1_fix) |
|---|
| Incorporate the AS into the automated patch management process. |