CCI|CCI-002605

Title

The organization installs security-relevant software updates within an organization-defined time period of the release of the updates.

Reference Item Details

Category: 2013

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AADC-CL-001075 - Unsupported versions of Adobe Acrobat Pro DC Classic must be uninstalled.WindowsDISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CN-001075 - The Adobe Acrobat Pro DC Continuous latest security-related software updates must be installed.WindowsDISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
ADBP-XI-001075 - The Adobe Acrobat Pro XI latest security-related software updates must be installed.WindowsDISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
ADBP-XI-005000 - An unsupported Adobe Acrobat Pro version must not be installed.WindowsDISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
ARDC-CL-000340 - Unsupported version of Adobe Acrobat Reader DC Classic must be uninstalled.WindowsDISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CN-000340 - Adobe Reader DC must have the latest Security-related Software Updates installed.WindowsDISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
AS24-U1-000930 - The Apache web server must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).UnixDISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000930 - The Apache web server must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).UnixDISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-W1-000930 - The Apache web server must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).WindowsDISA STIG Apache Server 2.4 Windows Server v2r2
CASA-ND-001410 - The Cisco ASA must be configured to send log data to a central log server for the purpose of forwarding alerts to organization-defined personnel and/or the firewall administrator - logging hostCiscoDISA STIG Cisco ASA NDM v1r1
CASA-ND-001410 - The Cisco ASA must be configured to send log data to a central log server for the purpose of forwarding alerts to organization-defined personnel and/or the firewall administrator - logging trapCiscoDISA STIG Cisco ASA NDM v1r1
CISC-ND-001450 - The Cisco router must be configured to send log data to a syslog server for the purpose of forwarding alerts to the administrators and the ISSO - hostCiscoDISA STIG Cisco IOS XE Router NDM v2r3
CISC-ND-001450 - The Cisco router must be configured to send log data to a syslog server for the purpose of forwarding alerts to the administrators and the ISSO - trapCiscoDISA STIG Cisco IOS XE Router NDM v2r3
CISC-ND-001470 - The Cisco switch must be running an IOS release that is currently supported by Cisco Systems.CiscoDISA STIG Cisco NX-OS Switch NDM v2r3
CISC-ND-001470 - The Cisco switch must be running an IOS release that is currently supported by Cisco Systems.CiscoDISA STIG Cisco IOS Switch NDM v2r3
CISC-ND-001470 - The Cisco switch must be running an IOS release that is currently supported by Cisco Systems.CiscoDISA STIG Cisco IOS XE Switch NDM v2r2
CNTR-K8-002720 - Kubernetes must contain the latest updates as authorized by IAVMs, CTOs, DTMs, and STIGs.UnixDISA STIG Kubernetes v1r5
DTAM171 - (U) McAfee VirusScan must have the current security patches installed.WindowsDISA McAfee VirusScan 8.8 Managed Client STIG v6r1
DTAM171 - (U) McAfee VirusScan must have the current security patches installed.WindowsDISA McAfee VirusScan 8.8 Local Client STIG v6r1
DTBC-0050 - The version of Google Chrome running on the system must be a supported version.WindowsDISA STIG Google Chrome v2r6
DTOO401 - Office automatic updates must be enabled for Office products installed via Click-to-Run and configured to use a Trusted site - automatic updatesWindowsDISA STIG Microsoft Office System 2013 v2r1
DTOO401 - Office automatic updates must be enabled for Office products installed via Click-to-Run and configured to use a Trusted site - update serverWindowsDISA STIG Microsoft Office System 2013 v2r1
DTOO401 - Office automatic updates must be enabled for Office products installed via Click-to-Run and configured to use a Trusted site - update stats serverWindowsDISA STIG Microsoft Office System 2013 v2r1
EDGE-00-000045 - The version of Microsoft Edge running on the system must be a supported version.WindowsDISA STIG Edge v1r4
EX13-CA-000160 - Exchange must have the most current, approved service pack installed.WindowsDISA Microsoft Exchange 2013 Client Access Server STIG v2r1
EX13-EG-000350 - Exchange must have the most current, approved service pack installed.WindowsDISA Microsoft Exchange 2013 Edge Transport Server STIG v1r5
EX13-MB-000340 - Exchange must have the most current, approved service pack installed.WindowsDISA Microsoft Exchange 2013 Mailbox Server STIG v2r2
EX16-ED-000700 - Exchange must have the most current, approved service pack installed.WindowsDISA Microsoft Exchange 2016 Edge Transport Server STIG v2r3
EX16-MB-000680 - Exchange must have the most current, approved service pack installed.WindowsDISA Microsoft Exchange 2016 Mailbox Server STIG v2r4
FFOX-00-000001 - The installed version of Firefox must be supported.UnixDISA STIG Mozilla Firefox MacOS v6r2
FFOX-00-000001 - The installed version of Firefox must be supported.UnixDISA STIG Mozilla Firefox Linux v6r2
FFOX-00-000001 - The installed version of Firefox must be supported.WindowsDISA STIG Mozilla Firefox Windows v6r2
FGFW-ND-000295 - The FortiGate device must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.FortiGateDISA Fortigate Firewall NDM STIG v1r1
JBOS-AS-000680 - Production JBoss servers must be supported by the vendor.UnixDISA RedHat JBoss EAP 6.3 STIG v2r3
JBOS-AS-000685 - The JRE installed on the JBoss server must be kept up to date.UnixDISA RedHat JBoss EAP 6.3 STIG v2r3
JRE8-UX-000180 - The version of Oracle JRE 8 running on the system must be the most current available.UnixDISA STIG Oracle JRE 8 Unix v1r3
JRE8-WN-000180 - The version of Oracle JRE 8 running on the system must be the most current available.WindowsDISA STIG Oracle JRE 8 Windows v2r1
JUNI-ND-001440 - The Juniper router must be configured to send log data to a syslog server for the purpose of forwarding alerts to the administrators and the ISSO.JuniperDISA STIG Juniper Router NDM v2r1
MD4X-00-006400 - Security-relevant software updates to MongoDB must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).UnixDISA STIG MongoDB Enterprise Advanced 4.x v1r1 OS
MD4X-00-006500 - MongoDB products must be a version supported by the vendor.MongoDBDISA STIG MongoDB Enterprise Advanced 4.x v1r1 DB
O112-C1-011100 - Vendor-supported software must be evaluated and patched against newly found vulnerabilities.UnixDISA STIG Oracle 11.2g v2r3 Linux
O112-C1-011100 - Vendor-supported software must be evaluated and patched against newly found vulnerabilities.WindowsDISA STIG Oracle 11.2g v2r3 Windows
SQL4-00-035400 - Security-relevant software updates to SQL Server must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).WindowsDISA STIG SQL Server 2014 Instance OS Audit v2r2
TCAT-AS-001470 - Tomcat server must be patched for security vulnerabilities.UnixDISA STIG Apache Tomcat Application Server 9 v2r4 Middleware
TCAT-AS-001470 - Tomcat server must be patched for security vulnerabilities.UnixDISA STIG Apache Tomcat Application Server 9 v2r4
VCENTER-000099 - The version of vCenter running on the server must be a supported version.VMwareDISA STIG VMWare ESXi vCenter 5 STIG v2r1
VCPG-67-000025 - The vPostgres database security updates and patches must be installed in a timely manner in accordance with site policy.UnixDISA STIG VMware vSphere 6.7 PostgreSQL v1r1
WBSP-AS-001750 - The WebSphere Application Server must apply the latest security fixes.WindowsDISA IBM WebSphere Traditional 9 Windows STIG v1r1
WBSP-AS-001750 - The WebSphere Application Server must apply the latest security fixes.UnixDISA IBM WebSphere Traditional 9 STIG v1r1 Middleware
WBSP-AS-001750 - The WebSphere Application Server must apply the latest security fixes.UnixDISA IBM WebSphere Traditional 9 STIG v1r1