Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-39440 | ENTD0100 | SV-51298r1_rule | ECSC-1 VIVM-1 | Medium |
Description |
---|
Major software vendors release security patches and hotfixes to their products when security vulnerabilities are discovered. It is essential that these updates be applied in a timely manner to prevent unauthorized individuals from exploiting identified vulnerabilities. |
STIG | Date |
---|---|
Test and Development Zone A Security Technical Implementation Guide | 2018-09-17 |
Check Text ( C-46715r3_chk ) |
---|
Determine whether the organization has a patch management solution in place to apply security patches released by the vendor. If a patch management solution has not been implemented and is not functioning to update development systems with the latest patches, this is a finding. If there isn't any application development occurring in the zone environment, this requirement is not applicable. |
Fix Text (F-44453r2_fix) |
---|
Implement a patch management solution to keep development systems up to date with the latest security patches released by the vendor. |