STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

Security-relevant software updates and patches must be kept up to date.

DISA Rule

SV-222614r508029_rule

Vulnerability Number

V-222614

Group Title

SRG-APP-000456

Rule Version

APSC-DV-002630

Severity

CAT II

CCI(s)

• CCI-002605 - The organization installs security-relevant software updates within an organization-defined time period of the release of the updates.

Weight

10

Fix Recommendation

Check for application updates at least weekly and apply patches immediately or in accordance with POA&Ms, IAVMs, CTOs, DTMs or other authoritative patching guidelines or sources.

Check Contents

Review the application documentation to identify application versions and patching.

Interview the application administrator and inquire about patching process.

Review IAVMs and CTOs to determine if the application is being updated in accordance with authoritative sources.

If application updates are not checked on at least on a weekly basis and applied immediately or in accordance with POA&Ms, IAVMs, CTOs, DTMs or other authoritative patching guidelines or sources, this is a finding.

Vulnerability Number

V-222614

Documentable

False

Rule Version

APSC-DV-002630

Severity Override Guidance

Review the application documentation to identify application versions and patching.

Interview the application administrator and inquire about patching process.

Review IAVMs and CTOs to determine if the application is being updated in accordance with authoritative sources.

If application updates are not checked on at least on a weekly basis and applied immediately or in accordance with POA&Ms, IAVMs, CTOs, DTMs or other authoritative patching guidelines or sources, this is a finding.

Check Content Reference

M

Target Key

4093

Comments