Free DISA STIG and SRG Library | Vaulted


The storage system must be operated at the latest maintenance update available from the vendor.

Finding ID
Rule ID
Cat II
Group Title
Target Key

The organization must install security-relevant updates (e.g., patches, maintenance updates, and version updates). Due to the potential need for isolation of the storage system from automatic update mechanisms, the organization must give careful consideration to the methodology used to carry out updates.

Fix Text

The software update process must be performed by the vendor's support organization. Contact the vendor's support organization to determine if an update is available. Note: it is possible no update is currently available for the specific product model being evaluated. This is not an error. If an update is available, the support organization will use this process to install the software. Acquire the system update image on DVD media from the vendor's support organization. Power on the Service Processor, and apply its software update first. Perform an Attach operation between the Service Processor and the disk array. Then apply the software update to the 3PAR system. Perform a Detach operation between the Service Processor and the disk array, and power off the Service Processor.

Check Content

Determine when the last update occurred, by entering the following command: cli% showpatch -hist The output fields are InstallTime Id Package Version Examine the InstallTime of the last entry in the output. If the last update occurred more than 3 months ago, verify on the vendor's website what the latest version is. If the current installation is not at the latest release, this is a finding.