Detections
Analytics

CSCv7|3.5

Title

Deploy Automated Software Patch Management Tools

Description

Deploy automated software update tools in order to ensure that third-party software on all systems is running the most recent security updates provided by the software vendor.

Reference Item Details

Category: Continuous Vulnerability Management

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 Ensure All Apple-provided Software Is CurrentUnixCIS Apple macOS 12.0 Monterey v4.0.0 L1
1.1 Ensure All Apple-provided Software Is CurrentUnixCIS Apple macOS 14.0 Sonoma v2.0.0 L1
1.1 Ensure All Apple-provided Software Is CurrentUnixCIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1
1.1 Ensure All Apple-provided Software Is CurrentUnixCIS Apple macOS 11.0 Big Sur v4.0.0 L1
1.1 Ensure All Apple-provided Software Is CurrentUnixCIS Apple macOS 13.0 Ventura v3.0.0 L1
1.1 Ensure All Apple-provided Software Is CurrentUnixCIS Apple macOS 10.15 Catalina v3.0.0 L1
1.1 Ensure All Apple-provided Software Is CurrentUnixCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1
1.1 Ensure All Apple-provided Software Is CurrentUnixCIS Apple macOS 15.0 Sequoia v1.0.0 L1
1.1 Ensure All Apple-provided Software Is CurrentUnixCIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1
1.1 Install Updates, Patches and Additional Security SoftwareUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
1.1 Verify all Apple-provided software is currentUnixCIS Apple macOS 10.14 v2.0.0 L1
1.1.1 Install Available UpdatesIBM_DB2DBCIS IBM DB2 11 v1.1.0 Database Level 1
1.1.10.1 (L1) Ensure 'Extension Update' is set to 'Enabled'WindowsCIS Mozilla Firefox ESR GPO v1.0.0 L1
1.1.18.3 (L1) Ensure 'browser.search.update' is set to 'Enabled'WindowsCIS Mozilla Firefox ESR GPO v1.0.0 L1
1.1.24 (L1) Ensure 'Application Autoupdate' is set to 'Enabled'WindowsCIS Mozilla Firefox ESR GPO v1.0.0 L1
1.1.25 (L1) Ensure 'Background updater' is set to 'Enabled'WindowsCIS Mozilla Firefox ESR GPO v1.0.0 L1
1.1.34 (L1) Ensure 'Disable System Addon Updates' is set to 'Disabled'WindowsCIS Mozilla Firefox ESR GPO v1.0.0 L1
1.1.36 (L1) Ensure 'Disable Update' is set to 'Disabled'WindowsCIS Mozilla Firefox ESR GPO v1.0.0 L1
1.2 Ensure Auto Update Is EnabledUnixCIS Apple macOS 12.0 Monterey v4.0.0 L1
1.2 Ensure Auto Update Is EnabledUnixCIS Apple macOS 14.0 Sonoma v2.0.0 L1
1.2 Ensure Auto Update Is EnabledUnixCIS Apple macOS 10.14 v2.0.0 L1
1.2 Ensure Auto Update Is EnabledUnixCIS Apple macOS 10.15 Catalina v3.0.0 L1
1.2 Ensure Auto Update Is EnabledUnixCIS Apple macOS 11.0 Big Sur v4.0.0 L1
1.2 Ensure Auto Update Is EnabledUnixCIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1
1.2 Ensure Auto Update Is EnabledUnixCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1
1.2 Ensure Auto Update Is EnabledUnixCIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1
1.2 Ensure Auto Update Is EnabledUnixCIS Apple macOS 13.0 Ventura v3.0.0 L1
1.2 Ensure Auto Update Is EnabledUnixCIS Apple macOS 15.0 Sequoia v1.0.0 L1
1.2.1 Ensure GPG keys are configuredUnixCIS Fedora 28 Family Linux Server L1 v2.0.0
1.2.1 Ensure GPG keys are configuredUnixCIS Red Hat EL8 Workstation L1 v3.0.0
1.2.1 Ensure GPG keys are configuredUnixCIS Rocky Linux 8 Server L1 v2.0.0
1.2.1 Ensure GPG keys are configuredUnixCIS AlmaLinux OS 8 Workstation L1 v3.0.0
1.2.1 Ensure GPG keys are configuredUnixCIS Oracle Linux 7 v4.0.0 L1 Workstation
1.2.1 Ensure GPG keys are configuredUnixCIS Fedora 28 Family Linux Workstation L1 v2.0.0
1.2.1 Ensure GPG keys are configuredUnixCIS CentOS Linux 7 v4.0.0 L1 Server
1.2.1 Ensure GPG keys are configuredUnixCIS CentOS Linux 7 v4.0.0 L1 Workstation
1.2.1 Ensure GPG keys are configuredUnixCIS Rocky Linux 8 Workstation L1 v2.0.0
1.2.1 Ensure GPG keys are configuredUnixCIS AlmaLinux OS 8 Server L1 v3.0.0
1.2.1 Ensure GPG keys are configuredUnixCIS Amazon Linux 2 v3.0.0 L1
1.2.1 Ensure GPG keys are configuredUnixCIS SUSE Linux Enterprise 12 v3.2.0 L1 Server
1.2.1 Ensure GPG keys are configuredUnixCIS CentOS Linux 8 Workstation L1 v2.0.0
1.2.1 Ensure GPG keys are configuredUnixCIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation
1.2.1 Ensure GPG keys are configuredUnixCIS Oracle Linux 8 Server L1 v3.0.0
1.2.1 Ensure GPG keys are configuredUnixCIS Oracle Linux 7 v4.0.0 L1 Server
1.10 Ensure updates, patches, and additional security software are installedUnixCIS Debian Family Workstation L1 v1.0.0
1.10 Ensure updates, patches, and additional security software are installedUnixCIS Debian Family Server L1 v1.0.0
1.13 (L1) Ensure 'Disable saving browser history' is set to 'Disabled'WindowsCIS Google Chrome L1 v3.0.0
1.15 (L1) Ensure 'Enable component updates in Google Chrome' is set to 'Enabled'WindowsCIS Google Chrome L1 v3.0.0
1.117 (L1) Ensure 'Notify a user that a browser restart is recommended or required for pending updates' is set to 'Enabled: Required - Show a recurring prompt to the user indicating that a restart is required'WindowsCIS Microsoft Edge v3.0.0 L1
1.120 (L1) Ensure 'Set the time period for update notifications' is set to 'Enabled: 86400000'WindowsCIS Microsoft Edge v3.0.0 L1