UCF STIG Viewer Logo

The DSN local system must use approved software updates and patches for all components.


Overview

Finding ID Version Rule ID IA Controls Severity
V-8532 DSN17.05 SV-9029r2_rule Medium
Description
All patches and new system software must be tested on non-production systems and hardware prior to use to determine the effects the new software will have on systems operations and security. Approved products are listed on the DoD Approved Products list (APL) to include the specific versions and releases. Additionally, the Information Assurance Vulnerability Management (IAVM) system provides information on versions and releases that may have security issues, to include zero-day vulnerabilities. The Authorizing Official (AO) can accept the risk of using software updates or patches on the system when mission essential.
STIG Date
Defense Switched Network (DSN) STIG 2017-01-19

Details

Check Text ( C-62267r1_chk )
Review site documentation to confirm the DSN local system uses approved software updates and patches for all components. Approved software updates and patches are listed in the DoD Approved Products List (APL). Additional requirements are provided in the Information Assurance Vulnerability Management (IAVM) system. The Authorizing Official (AO) can also approve software updates or patches. If the DSN local system is not using approved software updates and patches for all components, this is a finding.
Fix Text (F-67181r1_fix)
Implement and document the DSN local system with approved software updates and patches for all components.