1.8 Ensure updates, patches, and additional security software are installed

Information

Periodically patches are released for included software either due to security flaws or to
include additional functionality.

Rationale:

Newer patches may contain security enhancements that would not be available through the
latest full update. As a result, it is recommended that the latest software patches be used to
take advantage of the latest functionality. As with any software installation, organizations
need to determine if a given update meets their requirements and verify the compatibility
and supportability of any additional software against the update revision that is selected.

Solution

Use your package manager to update all packages on the system according to site policy.

Notes:

Site policy may mandate a testing period before install onto production systems for
available updates.

See Also

https://workbench.cisecurity.org/files/2420

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-2c., CSCv6|4.5, CSCv7|3.4, CSCv7|3.5

Plugin: Unix

Control ID: 279ee20a94a9d3df930f626b22ec1114afa01c08dcec54d105065f023adccdea