Development systems must be part of a patch management solution.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-39440 | ENTD0100 | SV-51298r1_rule | ECSC-1 VIVM-1 | Medium |
| Description |
|---|
| Major software vendors release security patches and hotfixes to their products when security vulnerabilities are discovered. It is essential that these updates be applied in a timely manner to prevent unauthorized individuals from exploiting identified vulnerabilities. |
| STIG | Date |
|---|---|
| Test and Development Zone B Security Technical Implementation Guide | 2015-12-17 |
Details
| Check Text ( C-46715r3_chk ) |
|---|
| Determine whether the organization has a patch management solution in place to apply security patches released by the vendor. If a patch management solution has not been implemented and is not functioning to update development systems with the latest patches, this is a finding. If there isn't any application development occurring in the zone environment, this requirement is not applicable. |
| Fix Text (F-44453r2_fix) |
|---|
| Implement a patch management solution to keep development systems up to date with the latest security patches released by the vendor. |