1.2.2 Ensure GPG keys are configured

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


Most packages managers implement GPG key signing to verify package integrity during installation.


It is important to ensure that updates are obtained from a valid source to protect against spoofing that could lead to the inadvertent installation of malware on the system.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.


Update your package manager GPG keys in accordance with site policy.

See Also