Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
A system vulnerability tool must be run on the system monthly.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-939 | GEN006540 | SV-939r2_rule | VIVM-1 | Medium |
| Description |
|---|
| A system vulnerability tool compares file and directory integrity to the baseline. It can alert the system administrator to unauthorized changes in files or directories. Unauthorized changes in files and directories can give a user unauthorized access to system resources. |
| STIG | Date |
|---|---|
| VMware ESX 3 Server | 2016-05-13 |
Details
| Check Text ( C-886r2_chk ) |
|---|
| Perform the following to check for a security tool executing monthly: # crontab –l Check for the existence of a vulnerability assessment tool being scheduled and run monthly. If no entries exist in the crontab, ask the SA if a vulnerability tool is run monthly. In addition, if the tool is run monthly, ask to see any reports that may have been generated from the tool. If a tool is not run monthly then this a finding. |
| Fix Text (F-1093r2_fix) |
|---|
| Add a monthly cronjob to run the system vulnerability tool. |