UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DBMS must support organizational requirements to employ automated patch management tools to facilitate flaw remediation to organization defined information system components.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32575 SRG-APP-000271-DB-000156 SV-42912r1_rule Low
Description
The organization (including any contractor to the organization) shall promptly install security-relevant software updates (e.g., patches, service packs, and hot fixes). Flaws discovered during security assessments, continuous monitoring, incident response activities, or information system error handling, shall also be addressed expeditiously. Due to information system integrity and availability concerns, organizations shall give careful consideration to the methodology used to carry out automatic updates. Automated patch management can be useful in ensuring that appropriate patches are scheduled and applied to databases as required. DBAs often support multiple databases in different environments and with different classification levels. This can lead to confusion if patch management is not automated, leading to inconsistent patching.
STIG Date
Database Security Requirements Guide 2012-07-02

Details

Check Text ( C-41014r1_chk )
Review DBMS vendor documentation to determine whether the DBMS supports automated patch management. If the DBMS does not provide this functionality determine whether a third party product is being used for automated patch management. If the DBMS does not support automated patch management, and a third party product is not utilized to provide this functionality, this is a finding.
Fix Text (F-36490r1_fix)
Utilize a DBMS product that supports automated patch management or implement a third party product to provide this functionality.