UCF STIG Viewer Logo

The IAO/SA does not subscribe to vendor security patches and update notifications.


Finding ID Version Rule ID IA Controls Severity
V-15845 ESX0460 SV-16786r1_rule ECSC-1 Low
Organizations need to stay current with all applicable ESX Server software updates that are released from VMware. In order to be aware of updates as they are released, virtualization server administrators will subscribe to ESX Server vendor security notices, updates, and patches to ensure that all new vulnerabilities are known. New ESX Server patches and updates should be reviewed in a test environment for the ESX Server before moving them into a production environment.
VMware ESX 3 Policy 2016-05-03


Check Text ( C-16193r1_chk )
Ask the IAO/SA to provide actual update notification to verify that they are on the subscription list. The email subscription for VMware is security-announce@lists.vmware.com. If no emails or documentation can be provided, this is a finding.
Fix Text (F-15799r1_fix)
Subscribe to vendor security and patch notifications.