CIS Critical Security Controls v8 (The 18 CIS CSC)
List of requirements
14.7 Train Workforce on How to Identify and Report if Their Enterprise Assets are Missing Security Updates
Train workforce to understand how to verify and report out-of-date software patches or any failures in automated processes and tools. Part of this training should include notifying IT personnel of any failures in automated processes and tools.
Required for Implementation Group 1, 2, 3
Similar requirements
Guideline for a healthy information system v.2.0 (EN):
34 STANDARD
New flaws are regularly discovered at the heart of systems and software. These are generally access doors that a hacker can exploit for a successful intrusion into the information system. It is, therefore, vital to stay informed of new vulnerabilities (follow CERT-FR alerts) and to apply the corrective security actions over all of the components of the system within the month following their publication. An update policy must therefore be defined and be a part of operational procedures.
These must specify:
- the way in which the inventory of the information system components is carried out;
- the sources of information relating to the publication of updates;
- the tools to deploy the corrective actions over the stock (for example WSUS for updates for Microsoft components, free or paid tools for third party components and other operating systems);
- the possible qualification of corrective measures and their gradual deployment over the stock.
The obsolete components which are no longer supported by their manufacturers must be isolated from the rest of the system. This recommendation applies as much on the network level, by strict filtering of flows, as it does as regards the authentication secrets which must be dedicated to these systems.
Related protective measures
Nothing found