SV-33016r2_rule
V-13613
WA230
WA230 W22
CAT II
10
Establish a detailed process as part of the configuration management plan to stay compliant with all web server security-related patches.
Query the web administrator to determine if the site has a detailed process as part of its configuration management plan to stay compliant with all security-related patches.
Proposed Questions:
How does the SA stay current with web server vendor patches?
How is the SA notified when a new security patch is issued by the vendor? (Exclude the IAVM.)
What is the process followed for applying patches to the web server?
If the site is not in compliance with all applicable security patches, this is a finding.
V-13613
False
WA230 W22
Query the web administrator to determine if the site has a detailed process as part of its configuration management plan to stay compliant with all security-related patches.
Proposed Questions:
How does the SA stay current with web server vendor patches?
How is the SA notified when a new security patch is issued by the vendor? (Exclude the IAVM.)
What is the process followed for applying patches to the web server?
If the site is not in compliance with all applicable security patches, this is a finding.
M
Information Assurance Officer
158