STIGQter STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The application must have the capability to prevent the installation of patches, service packs, or application components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization.

DISA Rule

SV-222513r561248_rule

Vulnerability Number

V-222513

Group Title

SRG-APP-000131

Rule Version

APSC-DV-001430

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Design and configure the application to have the capability to prevent unsigned patches and packages from being installed.

Provide a cryptographic hash value that can be verified by a system administrator prior to installation.

Check Contents

Review the application documentation and interview the application administrator to determine the process and commands used for patching the application.

Access application configuration settings.

Review commands and procedures used to patch the application and ensure a capability exists to prevent unsigned patches from being applied.

If the application is not capable of preventing installation of patches and packages that are not signed, or if the vendor does not provide a cryptographic hash value that can be manually checked prior to installation, this is a finding.

Vulnerability Number

V-222513

Documentable

False

Rule Version

APSC-DV-001430

Severity Override Guidance

Review the application documentation and interview the application administrator to determine the process and commands used for patching the application.

Access application configuration settings.

Review commands and procedures used to patch the application and ensure a capability exists to prevent unsigned patches from being applied.

If the application is not capable of preventing installation of patches and packages that are not signed, or if the vendor does not provide a cryptographic hash value that can be manually checked prior to installation, this is a finding.

Check Content Reference

M

Target Key

4093

Comments