STIGQter: STIG Summary: Web Server Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 26 Apr 2019:

The web server must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).

DISA Rule

SV-70287r3_rule

Vulnerability Number

V-56033

Group Title

SRG-APP-000456-WSR-000187

Rule Version

SRG-APP-000456-WSR-000187

Severity

CAT II

CCI(s)

• CCI-002605 - The organization installs security-relevant software updates within an organization-defined time period of the release of the updates.

Weight

10

Fix Recommendation

Configure the web server to check for patches and updates from an authoritative source at least every 30 days.

Check Contents

Review the web server documentation and configuration to determine if the web server checks for patches from an authoritative source at least every 30 days.

If there is no timeframe or the timeframe is greater than 30 days, this is a finding.

Vulnerability Number

V-56033

Documentable

False

Rule Version

SRG-APP-000456-WSR-000187

Severity Override Guidance

Review the web server documentation and configuration to determine if the web server checks for patches from an authoritative source at least every 30 days.

If there is no timeframe or the timeframe is greater than 30 days, this is a finding.

Check Content Reference

M

Target Key

2557

Comments