Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-8532 | DSN17.05 | SV-9029r2_rule | ECSC-1 | Medium |
Description |
---|
All patches and new system software must be tested on non-production systems and hardware prior to use to determine the effects the new software will have on system operations and security. Approved products are listed on the DoD Approved Products List (APL), including the specific versions and releases. Additionally, the Information Assurance Vulnerability Management (IAVM) system provides information on versions and releases that may have security issues, including zero-day vulnerabilities. The Authorizing Official (AO) can accept the risk of using software updates or patches on the system when mission essential. |
STIG | Date |
---|---|
Defense Switched Network (DSN) STIG | 2015-08-11 |
Check Text (C-62267r1_chk) |
---|
Review site documentation to confirm the DSN local system uses approved software updates and patches for all components. Approved software updates and patches are listed in the DoD Approved Products List (APL). Additional requirements are provided in the Information Assurance Vulnerability Management (IAVM) system. The Authorizing Official (AO) can also approve software updates or patches. If the DSN local system is not using approved software updates and patches for all components, this is a finding. |
Fix Text (F-67181r1_fix) |
---|
Implement and document the DSN local system with approved software updates and patches for all components. |