Title

The DBMS must prevent the installation of organization-defined software and firmware components without verification that the component has been digitally signed using a certificate recognized and approved by the organization. (Cat II impact)

Discussion

Software and firmware components prevented from installation unless signed with recognized and approved certificates include software and firmware version updates, patches, service packs, device drivers, and basic input/output system updates. Organizations can identify applicable software and firmware components by type, by specific items, or a combination of both. Digital signatures and organizational verification of such signatures is a method of code authentication.

Check Content

Verify the DBMS is configured to prevent the installation of organization-defined software and firmware components without verification that the component has been digitally signed using a certificate recognized and approved by the organization. If the DBMS is not configured to prevent the installation of organization-defined software and firmware components without verification that the component has been digitally signed using a certificate that is recognized and approved by the organization, this is a finding.

Fix Text

Configure the DBMS to prevent the installation of organization-defined software and firmware components without verification that the component has been digitally signed using a certificate that is recognized and approved by the organization.

Additional Identifiers

Rule ID: SV-263606r981976_rule

Vulnerability ID: V-263606

Group Title: SRG-APP-000810

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.