The system must employ automated mechanisms or must have an application installed that, on an organization defined frequency determines the state of information system components with regard to flaw remediation.

From Windows 8/8.1 Security Technical Implementation Guide

Associated with IA controls: VIVM-1

Associated with: CCI-001233

SV-48383r2_rule The system must employ automated mechanisms or must have an application installed that, on an organization defined frequency determines the state of information system components with regard to flaw remediation.

Vulnerability discussion

Organizations are required to identify information systems containing software affected by recently announced software flaws (and potential vulnerabilities resulting from those flaws) and report this information to designated organizational officials with information security responsibilities (e.g., senior information security officers, information system security managers, information systems security officers). To support this requirement, an automated process or mechanism is required.

Check content

Verify the organization has an automated process to scan systems for identified software flaws and vulnerabilities. If it does not, this is a finding.

Fix text

Establish an automated process to scan systems for identified software flaws and vulnerabilities.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.