Navigate

Check: GEN008800

VMware ESX 3 Server: GEN008800 (in version v1 r2)

Title

The system package management tool must cryptographically verify the authenticity of software packages during installation. (Cat III impact)

Discussion

To prevent the installation of software from unauthorized sources, the system package management tool must use cryptographic algorithms to verify the packages are authentic.

Check Content

Determine if the system package management tool cryptographically verifies the authenticity of packages during installation. If it does not, this is a finding.

Fix Text

If possible, configure the system package management tool to cryptographically verify the authenticity of packages during installation.

Additional Identifiers

Rule ID: SV-26263r1_rule

Vulnerability ID: V-22588

Group Title: GEN008800

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000351	The organization defines critical software programs that the information system will prevent from being installed if such software programs are not signed with a recognized and approved certificate.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
No controls are assigned to this check