All security related patches are not installed.
An XCCDF Rule
Description
<VulnDiscussion>Failure to install security related patches leaves the SAN open to attack by exploiting known vulnerabilities. The IAO/NSO will ensure that all security-related patches are installed.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts>Untested patches can lead to the SAN degradation or failure.</PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility>Information Assurance Officer</Responsibility><Responsibility>Network Security Officer</Responsibility><IAControls>VIVM-1</IAControls>
- ID
- SV-6733r1_rule
- Severity
- Medium
- Updated
Remediation - Manual Procedure
After verifying that the patches do not adversely impact the production SAN, create a plan for installing the patches on the SAN, obtain CM approval of the plan, and implement the plan installing the patches.