
VM-08 Infrastructure Patch Management

Control Description

Organization installs security-relevant patches, including software or firmware updates; identified end-of-life software must have a documented decommission plan in place.

Theme

Process

Type

Preventive

Policy/Standard

Infrastructure Management Policy

Implementation Guidance

1. Ensure that a process for patch management and end-of-life requirements is defined and documented.
2. Ensure that patch updates are implemented for all compute resources.
3. Ensure all end-of-life software is decommissioned with a documented plan.

Testing Procedure

1. Inspect and validate that a process for patch management and end-of-life requirements is defined and documented.
2. For a sample of servers/virtual machines, validate that patch updates are implemented.
3. For a sample of end-of-life software, validate that it was decommissioned with a documented plan.

Audit Artifacts

E-VM-09
E-VM-10
E-VM-11

Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
