Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The UEM server must remove old software components after updated versions have been installed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-234603 | SRG-APP-000454-UEM-000328 | SV-234603r617355_rule | Medium |
| Description |
|---|
| Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some information technology products may remove older versions of software automatically from the information system. If the update is due to a security issue with the old version of the app, the old version is not reinstalled. If rollback files are used by the server, they must be stored so as to not be easily accessible to the production system, or cannot be accidentally installed on the operational system, and then must be deleted after a short period of time defined by the organization. |
| STIG | Date |
|---|---|
| Unified Endpoint Management Server Security Requirements Guide | 2020-12-14 |
Details
| Check Text ( C-37788r615443_chk ) |
|---|
| Verify the UEM server removes old software components after updated versions have been installed. If the UEM server does not remove old software components after updated versions have been installed, this is a finding. |
| Fix Text (F-37753r615444_fix) |
|---|
| Configure the UEM server to remove old software components after updated versions have been installed. |