STIGQter STIGQter: STIG Summary: Canonical Ubuntu 16.04 Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jan 2020: Ubuntu vendor packaged system security patches and updates must be installed and up to date.

DISA Rule

SV-90071r5_rule

Vulnerability Number

V-75391

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

UBTU-16-010010

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Install the Ubuntu operating system patches or updated packages available from Canonical within 30 days or sooner as local policy dictates.

Check Contents

Verify the Ubuntu operating system security patches and updates are installed and up to date. Updates are required to be applied with a frequency determined by the site or Program Management Office (PMO).

Obtain the list of available package security updates from Ubuntu. The URL for updates is https://www.Ubuntu.com/usn/. It is important to note that updates provided by Ubuntu may not be present on the system if the underlying packages are not installed.

Check that the available package security updates have been installed on the system with the following command:

# /usr/lib/update-notifier/apt-check --human-readable

246 packages can be updated.
0 updates are security updates.

If security package updates have not been performed on the system within the timeframe that the site/program documentation requires, this is a finding.

Typical update frequency may be overridden by Information Assurance Vulnerability Alert (IAVA) notifications from JFHQ-DoDIN.

If the Ubuntu operating system is in non-compliance with the Information Assurance Vulnerability Management (IAVM) process, this is a finding.

Vulnerability Number

V-75391

Documentable

False

Rule Version

UBTU-16-010010

Severity Override Guidance

Verify the Ubuntu operating system security patches and updates are installed and up to date. Updates are required to be applied with a frequency determined by the site or Program Management Office (PMO).

Obtain the list of available package security updates from Ubuntu. The URL for updates is https://www.Ubuntu.com/usn/. It is important to note that updates provided by Ubuntu may not be present on the system if the underlying packages are not installed.

Check that the available package security updates have been installed on the system with the following command:

# /usr/lib/update-notifier/apt-check --human-readable

246 packages can be updated.
0 updates are security updates.

If security package updates have not been performed on the system within the timeframe that the site/program documentation requires, this is a finding.

Typical update frequency may be overridden by Information Assurance Vulnerability Alert (IAVA) notifications from JFHQ-DoDIN.

If the Ubuntu operating system is in non-compliance with the Information Assurance Vulnerability Management (IAVM) process, this is a finding.

Check Content Reference

M

Target Key

3075

Comments