Check: ENS-CO-000115
Trellix ENS 10.x STIG:
ENS-CO-000115
(in versions v2 r7 through v2 r5)
Title
(U) ENS must have the latest version from the DISA Patch Repository. (Cat II impact)
Discussion
(U) Software not running the latest tested and approved versions of software are vulnerable to network attacks. Running the most current, approved version of system and device software helps the site maintain a stable base of security fixes and patches, as well as enhancements to IP security. Viruses, denial-of-service attacks, system weaknesses, back doors, and other potentially harmful situations could render a system vulnerable, allowing unauthorized access to DoD assets.
Check Content
(U) From the ePO server console, select Menu and access Software Library. Verify the ENS version level is the latest as is posted on the DISA Patches Repository. If the version is not the most current, this is a finding.
Fix Text
(U) Download the latest software and extension version for ENS from the DISA Patches Repository and install into the ePO Software Library.
Additional Identifiers
Rule ID: SV-230195r772346_rule
Vulnerability ID: V-230195
Group Title: SRG-APP-000272
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001247 |
The information system automatically updates malicious code protection mechanisms. |
Controls
Number | Title |
---|---|
SI-3 (2) |
Automatic Updates |