WN08-GE-000028 - The system must employ automated mechanisms or must have an application installed that, on an organization defined frequency determines the state of information system components with regard to flaw remediation.

Information

Organizations are required to identify information systems containing software affected by recently announced software flaws (and potential vulnerabilities resulting from those flaws) and report this information to designated organizational officials with information security responsibilities (e.g., senior information security officers, information system security managers, information systems security officers). To support this requirement, an automated process or mechanism is required.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Establish an automated process to scan systems for identified software flaws and vulnerabilities.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_8_and_8-1_V1R23_STIG.zip

Item Details

References: CAT|II, CCI|CCI-001233, Rule-ID|SV-48383r2_rule, STIG-ID|WN08-GE-000028, Vuln-ID|V-36734

Plugin: Windows

Control ID: 4ed585fdcc77153abac2a3a4fd7ac04f1d973b8452750a4765f55bb79088cd68