Title

The DSN local system must use approved software updates and patches for all components. (Cat II impact)

Discussion

All patches and new system software must be tested on non-production systems and hardware prior to use to determine the effects the new software will have on systems operations and security. Approved products are listed on the DoD Approved Products list (APL) to include the specific versions and releases. Additionally, the Information Assurance Vulnerability Management (IAVM) system provides information on versions and releases that may have security issues, to include zero-day vulnerabilities. The Authorizing Official (AO) can accept the risk of using software updates or patches on the system when mission essential.

Check Content

Review site documentation to confirm the DSN local system uses approved software updates and patches for all components. Approved software updates and patches are listed in the DoD Approved Products List (APL). Additional requirements are provided in the Information Assurance Vulnerability Management (IAVM) system. The Authorizing Official (AO) can also approve software updates or patches. If the DSN local system is not using approved software updates and patches for all components, this is a finding.

Fix Text

Implement and document the DSN local system with approved software updates and patches for all components.

Additional Identifiers

Rule ID: SV-9029r2_rule

Vulnerability ID: V-8532

Group Title: Software updates and patches approved

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.