Most packages managers implement GPG key signing to verify package integrity during installation. Rationale: It is important to ensure that updates are obtained from a valid source to protect against spoofing that could lead to the inadvertent installation of malware on the system. NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Update your package manager GPG keys in accordance with site policy.