1.9 Ensure updates, patches, and additional security software are installed


Periodically patches are released for included software either due to security flaws or to include additional functionality.

Note: Site policy may mandate a testing period before install onto production systems for available updates.


Newer patches may contain security enhancements that would not be available through the latest full update. As a result, it is recommended that the latest software patches be used to take advantage of the latest functionality. As with any software installation, organizations need to determine if a given update meets their requirements and verify the compatibility and supportability of any additional software against the update revision that is selected.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.


Use your package manager to update all packages on the system according to site policy.
The following command will install all available packages

# yum update

See Also


Item Details


References: 800-53|CM-6b., CCI|CCI-000366, CSCv7|3.4, CSCv7|3.5, Rule-ID|SV-204459r603261_rule, STIG-ID|RHEL-07-020260

Plugin: Unix

Control ID: 2d04a2868167b2c023bd3cb32c959d9ba9cfa930f1975f92fe7e6f4dff0e754b