Skip to content
ATO Pathways
  Log In

CCI-002605

Install security-relevant software updates within an organization-defined time period of the release of the updates.

Logo
1

Rule

Severity: High
The Adobe Acrobat Pro DC Continuous latest security-related software updates must be installed.
Logo
1

Rule

Severity: High
Adobe Reader DC must have the latest Security-related Software Updates installed.
Logo
4

Rule

Severity: Medium
The Apache web server must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Logo
2

Rule

Severity: Medium
The application server must install security-relevant software updates within the time period directed by an authoritative source (e.g. IAVM, CTOs, DTMs, and STIGs).
Logo
2

Rule

Severity: Medium
Security-relevant software updates and patches must be kept up to date.
Logo
2

Rule

Severity: Medium
Maintenance for security-related software updates for CA IDMS modules must be provided.
Logo
1

Rule

Severity: High
The FortiGate device must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.
Logo
2

Rule

Severity: High
Forescout must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the Information System Security Officer (ISSO).
Logo
1

Rule

Severity: High
The HYCU Web UI must be configured to send log data to a central log server for forwarding alerts to the administrators and the ISSO.
Logo
1

Rule

Severity: Medium
The MQ Appliance messaging server must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Logo
1

Rule

Severity: High
Security-relevant software updates to DB2 must be installed within the time period directed by an authoritative source (e.g. IAVM, CTOs, DTMs, and STIGs).
Logo
2

Rule

Severity: Medium
The WebSphere Liberty Server must install security-relevant software updates within the time period directed by an authoritative source.
Logo
1

Rule

Severity: Medium
The WebSphere Application Server must apply the latest security fixes.
Logo
1

Rule

Severity: Medium
The WebSphere Application Server must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVMs, CTOs, DTMs, and STIGs).
Logo
1

Rule

Severity: High
The Ivanti MobileIron Core server must be maintained at a supported version.
Logo
1

Rule

Severity: High
MobileIron Sentry must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.
Logo
2

Rule

Severity: High
The ISEC7 Sphere server must be maintained at a supported version.
Logo
2

Rule

Severity: High
Production JBoss servers must be supported by the vendor.
Logo
2

Rule

Severity: High
The JRE installed on the JBoss server must be kept up to date.
Logo
2

Rule

Severity: Medium
The Mainframe Product must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVMs, CTOs, DTMs, and STIGs).
Logo
1

Rule

Severity: High
The installed version of Firefox must be supported.
Logo
2

Rule

Severity: High
The version of Microsoft Edge running on the system must be a supported version.
Logo
5

Rule

Severity: Medium
Exchange must have the most current, approved service pack installed.
Logo
1

Rule

Severity: Medium
Office automatic updates must be enabled for Office products installed via Click-to-Run and configured to use a Trusted site.
Logo
1

Rule

Severity: Medium
Security-relevant software updates to SQL Server must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Logo
1

Rule

Severity: Medium
Software updates to SQL Server must be tested before being applied to production systems.
Logo
1

Rule

Severity: Medium
Nutanix AOS must be running an operating system release that is currently supported by the vendor.
Logo
2

Rule

Severity: High
The configuration integrity of the container platform must be ensured and vulnerabilities policies must be configured.
Logo
2

Rule

Severity: Medium
Prisma Cloud Compute's Intelligence Stream must be kept up to date.
Logo
2

Rule

Severity: High
The Riverbed NetProfiler must be configured to automatically generate DOD-required audit records with sufficient information to support incident reporting to a central log server.
Logo
1

Rule

Severity: Medium
Tanium Server must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Logo
4

Rule

Severity: Medium
The Tanium application must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Logo
1

Rule

Severity: Medium
The Tanium Application Server must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Logo
2

Rule

Severity: Medium
The Tanium operating system (TanOS) must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Logo
1

Rule

Severity: High
The TippingPoint SMS must automatically generate audit records for account changes and actions with containing information needed for analysis of the event that occurred on the SMS and TPS.
Logo
2

Rule

Severity: High
The UEM server must be maintained at a supported version.
Logo
1

Rule

Severity: High
The NSX-T Manager must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the Information System Security Officer (ISSO).
Logo
1

Rule

Severity: High
All Horizon components must be running supported versions.
Logo
2

Rule

Severity: Medium
Tomcat server must be patched for security vulnerabilities.
Logo
3

Rule

Severity: Medium
Security-relevant software updates to PostgreSQL must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Logo
6

Rule

Severity: High
The Cisco switch must be running an IOS release that is currently supported by Cisco Systems.
Logo
2

Rule

Severity: Medium
The container platform registry must contain the latest images with most recent updates and execute within the container platform runtime as authorized by IAVM, CTOs, DTMs, and STIGs.
Logo
2

Rule

Severity: Medium
The container platform runtime must have updates installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Logo
1

Rule

Severity: Medium
Security-relevant software updates to the DBMS must be installed within the time period directed by an authoritative source (e.g. IAVM, CTOs, DTMs, and STIGs).
Logo
3

Rule

Severity: Medium
Security-relevant software updates to the EDB Postgres Advanced Server must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Logo
2

Rule

Severity: Medium
The version of Google Chrome running on the system must be a supported version.
Logo
2

Rule

Severity: High
The HPE Nimble must forward critical alerts (at a minimum) to the system administrators and the ISSO.
Logo
2

Rule

Severity: Medium
The operating system must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Logo
2

Rule

Severity: High
The ICS must be configured to send admin log data to a redundant central log server.
Logo
1

Rule

Severity: High
The Juniper EX switch must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.
Logo
2

Rule

Severity: Medium
Security-relevant software updates to MarkLogic Server must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Logo
2

Rule

Severity: Medium
Security-relevant software updates to MariaDB must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Logo
2

Rule

Severity: Medium
Security-relevant software updates to MongoDB must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Logo
2

Rule

Severity: Medium
Exchange must have the most current, approved Cumulative Update (CU) installed.
Logo
2

Rule

Severity: Medium
Exchange must have the most current, approved Cumulative Update installed.
Logo
1

Rule

Severity: High
The version of Internet Explorer running on the system must be a supported version.
Logo
2

Rule

Severity: Medium
Security-relevant software updates to SQL Server must be installed within the time period directed by an authoritative source (e.g. IAVM, CTOs, DTMs, and STIGs).
Logo
1

Rule

Severity: High
Vendor-supported software must be evaluated and patched against newly found vulnerabilities.
Logo
1

Rule

Severity: High
Security-relevant software updates to PostgreSQL must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Logo
2

Rule

Severity: Medium
Security-relevant software updates to the MySQL Database Server 8.0 must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Logo
2

Rule

Severity: Medium
Automation Controller must install security-relevant software updates within the time period directed by an authoritative source (e.g. IAVM, CTOs, DTMs, and STIGs).
Logo
2

Rule

Severity: Medium
Security-relevant software updates to Redis Enterprise DBMS must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Logo
2

Rule

Severity: Medium
Rancher RKE2 registry must contain the latest images with most recent updates and execute within Rancher RKE2 runtime as authorized by IAVM, CTOs, DTMs, and STIGs.
Logo
2

Rule

Severity: Medium
OpenShift must contain the latest images with most recent updates and execute within the container platform runtime as authorized by IAVM, CTOs, DTMs, and STIGs.
Logo
2

Rule

Severity: Medium
OpenShift runtime must have updates installed within the period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Logo
2

Rule

Severity: Medium
Automation Controller NGINX web servers must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Logo
2

Rule

Severity: Medium
The web server must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Logo
1

Rule

Severity: Medium
The macOS system must be a supported release.
Logo
1

Rule

Severity: Medium
Security-relevant software updates to the DBMS must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Logo
1

Rule

Severity: High
The F5 BIG-IP appliance must generate audit records and send records to redundant central syslog servers that are separate from the appliance.
Logo
1

Rule

Severity: Medium
IBM Security zSecure system administrators must install security-relevant zSecure software updates within the time period directed by an authoritative source (e.g., IAVMs, CTOs, DTMs, and STIGs).
Logo
1

Rule

Severity: High
The Ivanti EPMM server must be maintained at a supported version.
Logo
1

Rule

Severity: High
Sentry must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.
Logo
1

Rule

Severity: High
The Juniper EX switch must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).
Logo
1

Rule

Severity: Medium
Vulnerability scanning must be enabled for all repositories in MSR.
Logo
1

Rule

Severity: Medium
MKE must contain the latest updates.
Logo
1

Rule

Severity: High
MongoDB products must be a supported version.
Logo
1

Rule

Severity: Medium
The network device must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Logo
1

Rule

Severity: High
The TippingPoint SMS must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).

Patternfly

PatternFly elements

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules