Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35987 | SRG-MPOL-069 | SV-47303r1_rule | High |
Description |
---|
Patches and fixes to an operating system (OS) or application are necessary elements in maintaining the security posture of a system. If one system has been compromised or exposed to a potential vulnerability, the entire infrastructure is at risk. Patches and fixes can be critical security flaws that have been identified and, without their application, may pose a significant risk to DoD data. |
STIG | Date |
---|---|
Mobile Policy Security Requirements Guide | 2013-07-03 |
Check Text ( C-44224r1_chk ) |
---|
Review the organization’s patch procedure and policy to determine if mobile operating systems, mobile applications, and mobile device management agents on managed mobile devices are updated within an organization defined period after the updates/patches are available. If the organization is not updating or patching within the organization defined period of time, this is a finding. |
Fix Text (F-40514r1_fix) |
---|
Develop procedures to update mobile operating systems, mobile applications, and mobile device management agents on managed mobile devices within the organization defined period after the updates or patches are available. |