An error occurred:

Check: ZSEC-00-000220

IBM zSecure Suite STIG: ZSEC-00-000220 (in versions v1 r2 through v1 r1)

Title

IBM Security zSecure must remove all upgraded/replaced zSecure software components that are no longer required for operation after updated versions have been installed. (Cat II impact)

Discussion

Previous versions of zSecure products and components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some information technology products may remove older versions of software automatically from the information system.

Check Content

Examine the inventory of installed software components for zSecure. If software components that are no longer required for operation exist, this is a finding.

Fix Text

Remove all upgraded/replaced software components that are no longer required for operation.

Additional Identifiers

Rule ID: SV-259736r961677_rule

Vulnerability ID: V-259736

Group Title: SRG-APP-000454-MFP-000343

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-002617

Remove previous versions of organization-defined software components after updated versions have been installed.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SI-2(6)

Removal of Previous Versions of Software / Firmware