The operating system must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where HBSS is used; 30 days, for any additional internal network scans not covered by HBSS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-47965 | SOL-11.1-090110 | SV-60837r1_rule | Medium |
| Description |
|---|
| Without the use of automated mechanisms to scan for security flaws on a continuous and/or periodic basis, the operating system or other system components may remain vulnerable to the exploits presented by undetected software flaws. |
| STIG | Date |
|---|---|
| Solaris 11 SPARC Security Technical Implementation Guide | 2017-03-02 |
Details
| Check Text ( C-50401r2_chk ) |
|---|
| The operator will ensure that a DoD approved HBSS is installed, configured, and properly operating. Ask the operator to document the HBSS software installation and configuration. If the operator is not able to provide a documented configuration for an installed HBSS or if the HBSS is not properly configured, maintained, or used, this is a finding. |
| Fix Text (F-51577r1_fix) |
|---|
| The operator will ensure that a DoD approved HBSS software is installed and operating continuously. |