The latest software loads and patches are NOT applied to all systems to take advantage of security enhancements.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-8531	DSN17.04	SV-9028r1_rule	ECSC-1	Medium

Description
Requirement: The IAO will ensure that the latest software loads and patches are applied to all systems to take advantage of security enhancements. Many vendors provide patches or new versions of software to incorporate mitigations for newly discovered security vulnerabilities. In some cases this is the only way to mitigate a threat to the system. SAs are therefore required to use the latest vendor provided software or patch that addresses security. This is not the case if the new software only provides additional features or a patch only resolves a operational issue or bug.

Description

Requirement: The IAO will ensure that the latest software loads and patches are applied to all systems to take advantage of security enhancements. Many vendors provide patches or new versions of software to incorporate mitigations for newly discovered security vulnerabilities. In some cases this is the only way to mitigate a threat to the system. SAs are therefore required to use the latest vendor provided software or patch that addresses security. This is not the case if the new software only provides additional features or a patch only resolves a operational issue or bug.

STIG	Date
Defense Switched Network STIG	2015-01-02

Details

Check Text ( C-7594r1_chk )
Review current configuration files of effected devices to confirm compliance.

Fix Text (F-8033r1_fix)
> Implement processes / procedures, generate documents, and/or adjust configuration(s) / architecture, as necessary to comply with policy.