800-53|SI-2(6)

Title

REMOVAL OF PREVIOUS VERSIONS OF SOFTWARE / FIRMWARE

Description

The organization removes [Assignment: organization-defined software and firmware components] after updated versions have been installed.

Supplemental

Previous versions of software and/or firmware components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some information technology products may remove older versions of software and/or firmware automatically from the information system.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: SYSTEM AND INFORMATION INTEGRITY

Parent Title: FLAW REMEDIATION

Family: SYSTEM AND INFORMATION INTEGRITY

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2.7 Ensure removal of software components after update	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
3.7 Software Inventory Considerations	Unix	CIS Apple macOS 10.14 v1.3.0 L2
3.7 Software Inventory Considerations	Unix	CIS Apple macOS 10.15 v1.3.0 L2
6.3 Ensure removal of software components after update	Unix	CIS Amazon Linux 2 STIG v1.0.0 L3
AIX7-00-003028 - AIX must remove all software components after updated versions have been installed.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-003028 - AIX must remove all software components after updated versions have been installed.	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-003028 - AIX must remove all software components after updated versions have been installed.	Unix	DISA STIG AIX 7.x v2r1
Big Sur - Must remove all software components after updated versions installed	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Must remove all software components after updated versions installed	Unix	NIST macOS Catalina v1.5.0 - All Profiles
DKER-EE-004130 - Docker Enterprise older Universal Control Plane (UCP) and Docker Trusted Registry (DTR) images must be removed from all cluster nodes upon upgrading.	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix v1r1
DKER-EE-004130 - Docker Enterprise older Universal Control Plane (UCP) and Docker Trusted Registry (DTR) images must be removed from all cluster nodes upon upgrading.	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix v2r1
JRE8-UX-000190 - Oracle JRE 8 must remove previous versions when the latest version is installed.	Unix	DISA STIG Oracle JRE 8 Unix v1r3
JRE8-WN-000190 - Oracle JRE 8 must remove previous versions when the latest version is installed.	Windows	DISA STIG Oracle JRE 8 Windows v2r1
MADB-10-009200 - When updates are applied to the MariaDB software, any software components that have been replaced or made unnecessary must be removed.	Unix	DISA MariaDB Enterprise 10.x v1r3 OS Linux
MD4X-00-006300 - When updates are applied to MongoDB software, any software components that have been replaced or made unnecessary must be removed.	Unix	DISA STIG MongoDB Enterprise Advanced 4.x v1r3 OS
Monterey - Must remove all software components after updated versions installed	Unix	NIST macOS Monterey v1.0.0 - All Profiles
OL07-00-020200 - The Oracle Linux operating system must remove all software components after updated versions have been installed.	Unix	DISA Oracle Linux 7 STIG v2r14
OL07-00-020200 - The Oracle Linux operating system must remove all software components after updated versions have been installed.	Unix	DISA Oracle Linux 7 STIG v2r4
OL07-00-020200 - The Oracle Linux operating system must remove all software components after updated versions have been installed.	Unix	DISA Oracle Linux 7 STIG v2r5
OL08-00-010440 - YUM must remove all software components after updated versions have been installed on OL 8.	Unix	DISA Oracle Linux 8 STIG v1r10
PGS9-00-004300 - When updates are applied to PostgreSQL software, any software components that have been replaced or made unnecessary must be removed.	Unix	DISA STIG PostgreSQL 9.x on RHEL OS v2r4
PHTN-30-000066 - The Photon operating system must remove all software components after updated versions have been installed.	Unix	DISA STIG VMware vSphere 7.0 Photon OS v1r3
PHTN-67-000070 - The Photon operating system must remove all software components after updated versions have been installed.	Unix	DISA STIG VMware vSphere 6.7 Photon OS v1r6
RHEL-07-020200 - The Red Hat Enterprise Linux operating system must remove all software components after updated versions have been installed.	Unix	DISA Red Hat Enterprise Linux 7 STIG v3r14
RHEL-07-020200 - The Red Hat Enterprise Linux operating system must remove all software components after updated versions have been installed.	Unix	DISA Red Hat Enterprise Linux 7 STIG v3r4
RHEL-07-020200 - The Red Hat Enterprise Linux operating system must remove all software components after updated versions have been installed.	Unix	DISA Red Hat Enterprise Linux 7 STIG v3r7
RHEL-07-020200 - The Red Hat Enterprise Linux operating system must remove all software components after updated versions have been installed.	Unix	DISA Red Hat Enterprise Linux 7 STIG v3r5
RHEL-08-010440 - YUM must remove all software components after updated versions have been installed on RHEL 8.	Unix	DISA Red Hat Enterprise Linux 8 STIG v1r14
RHEL-09-214035 - RHEL 9 must remove all software components after updated versions have been installed.	Unix	DISA Red Hat Enterprise Linux 9 STIG v1r3
SLES-12-010570 - The SUSE operating system must remove all outdated software components after updated versions have been installed.	Unix	DISA SLES 12 STIG v2r13
SLES-15-010560 - The SUSE operating system must remove all outdated software components after updated versions have been installed.	Unix	DISA SLES 15 STIG v1r13
SQL6-D0-012700 - When updates are applied to SQL Server software, any software components that have been replaced or made unnecessary must be removed.	MS_SQLDB	DISA STIG SQL Server 2016 Instance DB Audit v2r12
UBTU-16-010570 - Advance package Tool (APT) must remove all software components after updated versions have been installed.	Unix	DISA STIG Ubuntu 16.04 LTS v2r1
UBTU-16-010570 - Advance package Tool (APT) must remove all software components after updated versions have been installed.	Unix	DISA STIG Ubuntu 16.04 LTS v2r3
UBTU-18-010017 - The Ubuntu operating system must be configured so that Advance package Tool (APT) removes all software components after updated versions have been installed - Remove-Unused-Dependencies	Unix	DISA STIG Ubuntu 18.04 LTS v2r4
UBTU-18-010017 - The Ubuntu operating system must be configured so that Advance package Tool (APT) removes all software components after updated versions have been installed - Remove-Unused-Dependencies	Unix	DISA STIG Ubuntu 18.04 LTS v2r2
UBTU-18-010017 - The Ubuntu operating system must be configured so that Advance package Tool (APT) removes all software components after updated versions have been installed - Remove-Unused-Kernel-Packages	Unix	DISA STIG Ubuntu 18.04 LTS v2r2
UBTU-18-010017 - The Ubuntu operating system must be configured so that Advance package Tool (APT) removes all software components after updated versions have been installed - Remove-Unused-Kernel-Packages	Unix	DISA STIG Ubuntu 18.04 LTS v2r4
UBTU-18-010017 - The Ubuntu operating system must be configured so that Advance package Tool (APT) removes all software components after updated versions have been installed.	Unix	DISA STIG Ubuntu 18.04 LTS v2r14
UBTU-20-010449 - The Ubuntu operating system must be configured so that Advance Package Tool (APT) removes all software components after updated versions have been installed.	Unix	DISA STIG Ubuntu 20.04 LTS v1r12
UBTU-22-214015 - Ubuntu 22.04 LTS must be configured so that the Advance Package Tool (APT) removes all software components after updated versions have been installed.	Unix	DISA STIG Canonical Ubuntu 22.04 LTS v1r1
WBSP-AS-001740 - The WebSphere Application Server must remove organization-defined software components after updated versions installed.	Unix	DISA IBM WebSphere Traditional 9 STIG v1r1
WBSP-AS-001740 - The WebSphere Application Server must remove organization-defined software components after updated versions installed.	Windows	DISA IBM WebSphere Traditional 9 Windows STIG v1r1
WBSP-AS-001740 - The WebSphere Application Server must remove organization-defined software components after updated versions installed.	Unix	DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware

Detections

Analytics