Title

The application must support organizational requirements to employ automated patch management tools to facilitate flaw remediation to organization-defined information system components. Patch management tools must be automated. (Cat II impact)

Discussion

The organization (including any contractor to the organization) shall promptly install security-relevant software updates (e.g., patches, service packs, and hot fixes). Flaws discovered during security assessments, continuous monitoring, incident response activities, or information system error handling, shall also be addressed expeditiously. Due to information system integrity and availability concerns, organizations shall give careful consideration to the methodology used to carry out automatic updates. Rationale for non-applicability: Automated updates of mobile application software is an MDM function and is therefore outside the scope of this SRG.

Check Content

This requirement is NA for the MAPP SRG.

Fix Text

The requirement is NA. No fix is required.

Additional Identifiers

Rule ID: SV-46992r1_rule

Vulnerability ID: V-35705

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.