1.2.2 Ensure GPG keys are configured

Information

Most packages managers implement GPG key signing to verify package integrity during
installation.

Rationale:

It is important to ensure that updates are obtained from a valid source to protect against
spoofing that could lead to the inadvertent installation of malware on the system.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Update your package manager GPG keys in accordance with site policy.

See Also

https://workbench.cisecurity.org/files/2420

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-2c., CSCv6|4.5, CSCv7|3.4, CSCv7|3.5

Plugin: Unix

Control ID: e1f04f5ca27512b5f07a8366eb81147b61cbf5496f22edefe991c6c5029d4256