STIGQter: STIG Summary: Test and Development Zone D Security Technical Implementation Guide Version: 1 Release: 5 Benchmark Date: 26 Oct 2018:

Development systems must be part of a patch management solution.

DISA Rule

SV-51298r1_rule

Vulnerability Number

V-39440

Group Title

ENTD0100 - A patch management solution is not implemented for development systems.

Rule Version

ENTD0100

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Implement a patch management solution to keep development systems up to date with the latest security patches released by the vendor.

Check Contents

Determine whether the organization has a patch management solution in place to apply security patches released by the vendor. If a patch management solution has not been implemented and is not functioning to update development systems with the latest patches, this is a finding.

If there isn't any application development occurring in the zone environment, this requirement is not applicable.

Vulnerability Number

V-39440

Documentable

False

Rule Version

ENTD0100

Severity Override Guidance

Determine whether the organization has a patch management solution in place to apply security patches released by the vendor. If a patch management solution has not been implemented and is not functioning to update development systems with the latest patches, this is a finding.

If there isn't any application development occurring in the zone environment, this requirement is not applicable.

Check Content Reference

M

Target Key

1134

Comments