The application must support organizational requirements to employ automated patch management tools to facilitate flaw remediation to organization-defined information system components. Patch management tools must be automated.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35705	SRG-APP-000271-MAPP-NA	SV-46992r1_rule		Medium

Description
The organization (including any contractor to the organization) shall promptly install security-relevant software updates (e.g., patches, service packs, and hot fixes). Flaws discovered during security assessments, continuous monitoring, incident response activities, or information system error handling, shall also be addressed expeditiously. Due to information system integrity and availability concerns, organizations shall give careful consideration to the methodology used to carry out automatic updates. Rationale for non-applicability: Automated updates of mobile application software is an MDM function and is therefore outside the scope of this SRG.

Description

The organization (including any contractor to the organization) shall promptly install security-relevant software updates (e.g., patches, service packs, and hot fixes). Flaws discovered during security assessments, continuous monitoring, incident response activities, or information system error handling, shall also be addressed expeditiously. Due to information system integrity and availability concerns, organizations shall give careful consideration to the methodology used to carry out automatic updates. Rationale for non-applicability: Automated updates of mobile application software is an MDM function and is therefore outside the scope of this SRG.

STIG	Date
Mobile Application Security Requirements Guide	2013-01-04

Details

Check Text ( C-44048r1_chk )
This requirement is NA for the MAPP SRG.

Fix Text (F-40248r1_fix)
The requirement is NA. No fix is required.