Review the application documentation to identify application versions and patching.
Interview the application administrator and inquire about patching process.
Review IAVMs and CTOs to determine if the application is being updated in accordance with authoritative sources.
If application updates are not checked on at least on a weekly basis and applied immediately or in accordance with POA&Ms, IAVMs, CTOs, DTMs or other authoritative patching guidelines or sources, this is a finding.
Fix Text (F-24273r493751_fix)
Check for application updates at least weekly and apply patches immediately or in accordance with POA&Ms, IAVMs, CTOs, DTMs or other authoritative patching guidelines or sources.