Title

(U) ENS must have the latest version from the DISA Patch Repository. (Cat II impact)

Discussion

(U) Software not running the latest tested and approved versions of software are vulnerable to network attacks. Running the most current, approved version of system and device software helps the site maintain a stable base of security fixes and patches, as well as enhancements to IP security. Viruses, denial-of-service attacks, system weaknesses, back doors, and other potentially harmful situations could render a system vulnerable, allowing unauthorized access to DOD assets.

Check Content

(U) From the ePO server console, select Menu and access Software Library. Verify the ENS module version level is within 30 days from when the patch was posted on the Authorizing Official (AO) Approved Patch Repository, as directed by JFHQ-DODIN task order 8600. If the version is not within the guidance on the line above, this is a finding.

Fix Text

(U) Download the latest software and extension version for ENS from an AO Approved Patch Repository and install into the ePO Software Library.

Additional Identifiers

Rule ID: SV-230195r1112444_rule

Vulnerability ID: V-230195

Group Title: SRG-APP-000272

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.