CCI-001232 requires automatic installation of software updates. RHEL6 can be configured to do this using yum, but it is not recommended in production systems. Guidance should be added to the software updates section of the guide to provide guidance on updating best practices. A ticket has been created in Trac for this.
Signed-off-by: Willy Santos <[email protected]> --- rhel6/src/input/system/software/updating.xml | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/rhel6/src/input/system/software/updating.xml b/rhel6/src/input/system/software/updating.xml index a759d62..8ca49bc 100644 --- a/rhel6/src/input/system/software/updating.xml +++ b/rhel6/src/input/system/software/updating.xml @@ -61,7 +61,7 @@ To actually install these updates, run: Installing software updates is a fundamental mitigation against the exploitation of publicly-known vulnerabilities. </rationale> -<ref nist="SI-2"/> +<ref nist="SI-2" disa="1232"/> </Rule> <!-- yum-updatesd is not part of RHEL 6 --> <!--<Rule id="disable_yum-updatesd"> -- 1.7.7.6 _______________________________________________ scap-security-guide mailing list [email protected] https://fedorahosted.org/mailman/listinfo/scap-security-guide
