Information
This policy setting ensures that automated mechanisms are in place to determine the state of system components regarding flaw remediation using the following frequency: continuously, where Host Based Security System (HBSS) is used ; 30 days, for any additional internal network scans not covered by HBSS ; and annually, for external scans by Computer Network Defense Service Provider (CNDSP)
Without the use of automated mechanisms to scan for security flaws on a continuous and/or periodic basis, the operating system or other system components may remain vulnerable to the exploits presented by undetected software flaws. The operating system may have an integrated solution incorporating continuous scanning using HBSS and periodic scanning using other tools.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Install a DoD approved HBSS software and ensure it is operating continuously. In addition, a documented configuration for an installed HBSS or if the HBSS software needs to be created.
Impact:
Automated mechanisms will need to be put in place to determine the state of system components. Resources for the system will need to be procured.