An error occurred:

Check: SRG-APP-000454-DB-000389

Database SRG: SRG-APP-000454-DB-000389 (in versions v3 r4 through v2 r10)

Title

When updates are applied to the DBMS software, any software components that have been replaced or made unnecessary must be removed. (Cat II impact)

Discussion

Previous versions of DBMS components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some DBMSs' installation tools may remove older versions of software automatically from the information system. In other cases, manual review and removal will be required. In planning installations and upgrades, organizations must include steps (automated, manual, or both) to identify and remove the outdated modules. A transition period may be necessary when both the old and the new software are required. This should be taken into account in the planning.

Check Content

If software components that have been replaced or made unnecessary are not removed, this is a finding.

Fix Text

Identify and remove software components that have been replaced or made unnecessary.

Additional Identifiers

Rule ID: SV-206610r879825_rule

Vulnerability ID: V-206610

Group Title: SRG-APP-000454

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-002617

The organization removes organization-defined software components (e.g., previous versions) after updated versions have been installed.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SI-2 (6)

Removal Of Previous Versions Of Software / Firmware