Ensure Software Patches Installed
An XCCDF Rule
Description
NOTE: U.S. Defense systems are required to be patched within 30 days or sooner as local policy
dictates.
warning alert: Warning
Fedora does not have a corresponding OVAL CVE Feed. Therefore, this will result in a "not checked" result during a scan.
Rationale
Installing software updates is a fundamental mitigation against the exploitation of publicly-known vulnerabilities. If the most recent security patches and updates are not installed, unauthorized users may take advantage of weaknesses in the unpatched software. The lack of prompt attention to patching could result in a system compromise.
- ID
- xccdf_org.ssgproject.content_rule_security_patches_up_to_date
- Severity
- Medium
- References
- Updated
Remediation - Ansible
- name: Security patches are up to date
package:
name: '*'
state: latest
tags:
- CJIS-5.10.4.1