STIGQter: STIG Summary: IBM DB2 V10.5 LUW Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 25 Oct 2019:

Security-relevant software updates to DB2 must be installed within the time period directed by an authoritative source (e.g. IAVM, CTOs, DTMs, and STIGs).

DISA Rule

SV-89285r1_rule

Vulnerability Number

V-74611

Group Title

SRG-APP-000456-DB-000390

Rule Version

DB2X-00-009500

Severity

CAT I

CCI(s)

• CCI-002605 - The organization installs security-relevant software updates within an organization-defined time period of the release of the updates.

Weight

10

Fix Recommendation

Institute and adhere to policies and procedures to ensure that patches are consistently applied to DB2 within the time allowed.

Check Contents

Obtain evidence that software patches are consistently applied to DB2 within the time frame defined for each patch.

If such evidence cannot be obtained, or the evidence that is obtained indicates a pattern of noncompliance, this is a finding.

Vulnerability Number

V-74611

Documentable

False

Rule Version

DB2X-00-009500

Severity Override Guidance

Obtain evidence that software patches are consistently applied to DB2 within the time frame defined for each patch.

If such evidence cannot be obtained, or the evidence that is obtained indicates a pattern of noncompliance, this is a finding.

Check Content Reference

M

Target Key

3161

Comments