800-53|SI-2(5)

Title

AUTOMATIC SOFTWARE / FIRMWARE UPDATES

Description

The organization installs [Assignment: organization-defined security-relevant software and firmware updates] automatically to [Assignment: organization-defined information system components].

Supplemental

Due to information system integrity and availability concerns, organizations give careful consideration to the methodology used to carry out automatic updates. Organizations must balance the need to ensure that the updates are installed as soon as possible with the need to maintain configuration management and with any mission or operational impacts that automatic updates might impose.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: SYSTEM AND INFORMATION INTEGRITY

Parent Title: FLAW REMEDIATION

Family: SYSTEM AND INFORMATION INTEGRITY

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2 Enable Auto Update	Unix	CIS Apple macOS 10.13 L1 v1.1.0
1.2 Enable Auto Update	Unix	CIS Apple macOS 10.12 L1 v1.1.0
1.2 Enable Auto Update	Unix	CIS Apple macOS 10.12 L1 v1.2.0
1.2 Enable Auto Update	Unix	CIS Apple macOS 10.15 v1.3.0 L1
1.2 Enable Auto Update	Unix	CIS Apple macOS 10.13 L1 v1.0.0
1.2 Enable Auto Update	Unix	CIS Apple macOS 10.14 v1.3.0 L1
1.2 Enable Auto Update	Unix	CIS Apple OSX 10.10 Yosemite L1 v1.2.0
1.2 Enable Auto Update	Unix	CIS Apple OSX 10.11 El Capitan L1 v1.1.0
1.2 Enable Auto Update	Unix	CIS Apple macOS 11 v1.1.0 L1
1.2 Enable Auto Update Checks	Unix	CIS Apple OSX 10.9 L1 v1.3.0
1.2.3.2.1 Configure 'Configure Automatic Updates'	Windows	CIS Windows 2003 MS v3.1.0
1.2.3.2.1 Configure 'Configure Automatic Updates'	Windows	CIS Windows 2003 DC v3.1.0
1.2.3.2.2/1.2.3.2.4 Configure 'Specify intranet Microsoft update service location'	Windows	CIS Windows 2003 DC v3.1.0
1.2.3.2.2/1.2.3.2.4 Configure 'Specify intranet Microsoft update service location'	Windows	CIS Windows 2003 MS v3.1.0
1.2.3.2.5 Configure 'No auto-restart with logged on users for scheduled automatic updates installations'	Windows	CIS Windows 2003 DC v3.1.0
1.2.3.2.5 Configure 'No auto-restart with logged on users for scheduled automatic updates installations'	Windows	CIS Windows 2003 MS v3.1.0
1.2.3.2.6 Configure 'Do not display Install Updates and Shut Down; option in Shut Down Windows dialog box'	Windows	CIS Windows 2003 DC v3.1.0
1.2.3.2.6 Configure 'Do not display Install Updates and Shut Down; option in Shut Down Windows dialog box'	Windows	CIS Windows 2003 MS v3.1.0
1.2.3.2.7 Configure 'Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box'	Windows	CIS Windows 2003 MS v3.1.0
1.2.3.2.7 Configure 'Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box'	Windows	CIS Windows 2003 DC v3.1.0
1.2.3.2.8 Configure 'Reschedule Automatic Updates scheduled installations'	Windows	CIS Windows 2003 DC v3.1.0
1.2.3.2.8 Configure 'Reschedule Automatic Updates scheduled installations'	Windows	CIS Windows 2003 MS v3.1.0
1.2.4.7.2 Set 'Reschedule Automatic Updates scheduled installations' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.7.4 Set 'Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box' to 'Disabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.7.5 Set 'Configure Automatic Updates' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.7.7 Set 'Scheduled install day' to '0 - Every day'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.7.8 Set 'No auto-restart with logged on users for scheduled automatic updates installations' to 'Disabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.7.9 Set 'Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box' to 'Disabled'	Windows	CIS Windows 8 L1 v1.0.0
1.3 Enable app update installs	Unix	CIS Apple macOS 10.12 L1 v1.2.0
1.3 Enable app update installs	Unix	CIS Apple OSX 10.11 El Capitan L1 v1.1.0
1.3 Enable app update installs	Unix	CIS Apple OSX 10.10 Yosemite L1 v1.2.0
1.3 Enable app update installs	Unix	CIS Apple macOS 10.13 L1 v1.1.0
1.3 Enable app update installs	Unix	CIS Apple OSX 10.9 L1 v1.3.0
1.3 Enable app update installs	Unix	CIS Apple macOS 10.13 L1 v1.0.0
1.3 Enable app update installs	Unix	CIS Apple macOS 10.12 L1 v1.1.0
1.3 Enable Download new updates when available	Unix	CIS Apple macOS 11 v1.1.0 L1
1.3 Enable Download new updates when available	Unix	CIS Apple macOS 10.15 v1.3.0 L1
1.3 Enable Download new updates when available	Unix	CIS Apple macOS 10.14 v1.3.0 L1
1.4 Enable app update installs	Unix	CIS Apple macOS 10.15 v1.3.0 L1
1.4 Enable app update installs	Unix	CIS Apple macOS 11 v1.1.0 L1
1.4 Enable app update installs	Unix	CIS Apple macOS 10.14 v1.3.0 L1
1.4 Enable system data files and security update installs - 'ConfigDataInstall'	Unix	CIS Apple OSX 10.10 Yosemite L1 v1.2.0
1.4 Enable system data files and security update installs - 'ConfigDataInstall'	Unix	CIS Apple OSX 10.11 El Capitan L1 v1.1.0
1.4 Enable system data files and security update installs - 'ConfigDataInstall'	Unix	CIS Apple macOS 10.12 L1 v1.1.0
1.4 Enable system data files and security update installs - 'ConfigDataInstall'	Unix	CIS Apple macOS 10.13 L1 v1.0.0
1.4 Enable system data files and security update installs - 'ConfigDataInstall'	Unix	CIS Apple macOS 10.12 L1 v1.2.0
1.4 Enable system data files and security update installs - 'CriticalUpdateInstall'	Unix	CIS Apple macOS 10.12 L1 v1.2.0
1.4 Enable system data files and security update installs - 'CriticalUpdateInstall'	Unix	CIS Apple macOS 10.13 L1 v1.0.0
1.4 Enable system data files and security update installs - 'CriticalUpdateInstall'	Unix	CIS Apple OSX 10.11 El Capitan L1 v1.1.0
1.15 Ensure 'Enable component updates in Google Chrome' is set to 'Enabled'	Windows	CIS Google Chrome L1 v2.1.0

Detections

Analytics