UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Development systems must be part of a patch management solution.


Overview

Finding ID Version Rule ID IA Controls Severity
V-39440 ENTD0100 SV-51298r1_rule ECSC-1 VIVM-1 Medium
Description
Major software vendors release security patches and hotfixes to their products when security vulnerabilities are discovered. It is essential that these updates be applied in a timely manner to prevent unauthorized individuals from exploiting identified vulnerabilities.
STIG Date
Test and Development Zone C Security Technical Implementation Guide 2015-12-17

Details

Check Text ( C-46715r3_chk )
Determine whether the organization has a patch management solution in place to apply security patches released by the vendor. If a patch management solution has not been implemented and is not functioning to update development systems with the latest patches, this is a finding.

If there isn't any application development occurring in the zone environment, this requirement is not applicable.
Fix Text (F-44453r2_fix)
Implement a patch management solution to keep development systems up to date with the latest security patches released by the vendor.