STIGQter: STIG Summary: VMW vRealize Automation 7.x vAMI Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The vAMI must have security-relevant software updates installed within the time period directed by an authoritative source (e.g. IAVM, CTOs, DTMs, and STIGs).

DISA Rule

SV-100911r1_rule

Vulnerability Number

V-90261

Group Title

SRG-APP-000456-AS-000266

Rule Version

VRAU-VA-000595

Severity

CAT II

CCI(s)

• CCI-002605 - The organization installs security-relevant software updates within an organization-defined time period of the release of the updates.

Weight

10

Fix Recommendation

Develop and implement a site procedure to install security-relevant software updates in a satisfactory timeframe.

Check Contents

Interview the ISSO and/or the SA.

Determine if a local procedure exists to install security-relevant software updates in a satisfactory timeframe.

If a procedure does not exist or is not being followed, this is a finding.

Vulnerability Number

V-90261

Documentable

False

Rule Version

VRAU-VA-000595

Severity Override Guidance

Interview the ISSO and/or the SA.

Determine if a local procedure exists to install security-relevant software updates in a satisfactory timeframe.

If a procedure does not exist or is not being followed, this is a finding.

Check Content Reference

M

Target Key

3449

Comments