The Mission Owner of the Infrastructure as a Service (IaaS) or Platform as a Service (PaaS) must remove all upgraded or replaced software and firmware components that are no longer required for operation.

An XCCDF Rule

Description

<VulnDiscussion>Adversaries may exploit previous versions of software components that are not removed from the information system after updates have been installed. Some information technology products may remove older versions of software from the information system automatically.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-259882r958938_rule
Severity: Medium
References: CCI-002618
Updated: 17 days ago

This applies to all Impact Levels.
FedRAMP Moderate, High.

Remove all upgraded or replaced software and firmware components that are no longer required for operation from the IaaS/PaaS.

The Mission Owner of the Infrastructure as a Service (IaaS) or Platform as a Service (PaaS) must remove all upgraded or replaced software and firmware components that are no longer required for operation.

Description

Remediation - Manual Procedure