1.2 Enable Auto Update

Information

Auto Update verifies that your system has the newest security patches and software updates. If 'Automatically check for updates' is not selected, background updates of new malware definition files from Apple for XProtect and Gatekeeper will not occur.

http://macops.ca/os-x-admins-your-clients-are-not-getting-background-security-updates/

https://derflounder.wordpress.com/2014/12/17/forcing-xprotect-blacklist-updates-on-mavericks-and-yosemite/

Rationale:

It is important that a system has the newest updates applied so as to prevent unauthorized persons from exploiting identified vulnerabilities.

Impact:

Without automatic update, updates may not be made in a timely manner and the system will be exposed to additional risk.

Solution

Perform the following to enable the system to automatically check for updates:
Graphical Method:

Open System Preferences

Select Software Update

Select Automatically check for updates

Terminal Method:
Run the following command to enable auto update:

$ sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled -bool true
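To confirm the setting took effect, the following audit script reads the key back and classifies the result. It is an added example, not part of the benchmark text; the function names and PASS/FAIL messages are hypothetical, and treating an unset key as a failure is this example's assumption.

```shell
#!/bin/sh
# Added example: audit and optional remediation for item 1.2.
# Function names and output strings are hypothetical, not from the benchmark.
PLIST=/Library/Preferences/com.apple.SoftwareUpdate
KEY=AutomaticCheckEnabled

# Classify what `defaults read` printed. Booleans print as 1 or 0;
# an empty string means the key (or the plist) does not exist.
# Assumption: an unset key is reported as a failure so it gets set explicitly.
evaluate_auto_update() {
    case "$1" in
        1)  echo "PASS" ;;
        0)  echo "FAIL: $KEY is disabled" ;;
        '') echo "FAIL: $KEY is not set" ;;
        *)  echo "FAIL: unexpected value '$1'" ;;
    esac
}

# Read the live setting. `defaults read` exits non-zero when the key is
# absent, so stderr is dropped and the empty output is classified instead.
audit_auto_update() {
    value=$(defaults read "$PLIST" "$KEY" 2>/dev/null) || value=''
    result=$(evaluate_auto_update "$value")
    echo "1.2 Enable Auto Update: $result"
    [ "$result" = "PASS" ]
}

# Apply the benchmark's Terminal Method, then re-audit to verify it.
remediate_auto_update() {
    sudo defaults write "$PLIST" "$KEY" -bool true && audit_auto_update
}

# Only touch the live system where the macOS `defaults` tool exists.
if command -v defaults >/dev/null 2>&1; then
    if [ "$1" = "--fix" ]; then
        remediate_auto_update
    else
        audit_auto_update
    fi
fi
```

Run it without arguments to audit; pass `--fix` to apply the command above and re-check.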

See Also

https://workbench.cisecurity.org/files/3013

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-2(5)

Plugin: Unix

Control ID: 4cff9ceac47a506e7a532be4321202bf0518bd43d2d64ba7025aed66f27226c7