Applications providing patch management capabilities must support the organizational requirements to install software updates automatically.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35681	SRG-APP-000269-AS-NA	SV-46968r1_rule		Medium

Description
Security faults with software applications and operating systems are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. Organizations (including any contractor to the organization) are required to promptly install security-relevant software updates (e.g., patches, service packs, and hot fixes). Flaws discovered during security assessments, continuous monitoring, incident response activities, or information system error handling must also be addressed expeditiously. The requirement is NA. The AS does not provide a patch management capability.

Description

Security faults with software applications and operating systems are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. Organizations (including any contractor to the organization) are required to promptly install security-relevant software updates (e.g., patches, service packs, and hot fixes). Flaws discovered during security assessments, continuous monitoring, incident response activities, or information system error handling must also be addressed expeditiously. The requirement is NA. The AS does not provide a patch management capability.

STIG	Date
Application Server Security Requirements Guide	2013-01-08

Details

Check Text ( C-44023r1_chk )
This requirement is NA for the AS SRG.

Fix Text (F-40223r1_fix)
The requirement is NA. No fix is required.