Flaw Remediation - Review version of running image

Information

Organizations identify information systems affected by announced software flaws including potential vulnerabilities resulting from those flaws, and report this information to designated organizational personnel with information security responsibilities. Security-relevant software updates include, for example, patches, service packs, hot fixes, and anti-virus signatures.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

By incorporating flaw remediation into ongoing configuration management processes, required/anticipated remediation actions can be tracked and verified. Flaw remediation actions that can be tracked and verified include, for example, determining whether organizations follow US-CERT guidance and Information Assurance Vulnerability Alerts. Organization-defined time periods for updating security-relevant software and firmware may vary based on a variety of factors including, for example, the security category of the information system or the criticality of the update (i.e., severity of the vulnerability related to the discovered flaw).

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-2

Plugin: Cisco_Viptela

Control ID: 174e08d9223937421ebd446a657d0cb2611d738eee649c73b59fab7fef5ad38b