Schedule firmware updates
Summary
Devices should update their own firmware upon a predefined schedule.
Description
Keeping firmware up to date lets devices operate with improved stability and performance and reduces the likelihood of malfunctions or crashes. Firmware releases also ship security patches for vulnerabilities found in previous versions, so a device that updates itself on a predefined schedule (for example, a daily check inside a maintenance window) keeps its exposure to known vulnerabilities short and predictable instead of depending on someone remembering to update it. The update must be obtained from a trusted source and verified before it is applied, so that the schedule does not become a channel for installing tampered firmware.
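The following is an added example, not code from the original page or from any vendor's update agent. It shows the two halves of the requirement a device-side updater needs: a scheduler that decides when a check is due (interval elapsed and inside a maintenance window, including windows that cross midnight), and an installer that verifies the exact bytes it will write against the published digest and renames them into place atomically, so a partial write never becomes the active image and the verified bytes are the installed bytes. The manifest format, the firmware bytes, the policy values and the file names are all constructed for the example; it also assumes the manifest itself was fetched over an authenticated channel, since a real device should additionally verify a vendor signature over the manifest before trusting the digest.

```python
"""Scheduled firmware update with integrity check and atomic install (added example).

The manifest format, file names and policy values are assumptions, not taken
from any vendor; the firmware bytes are constructed sample data.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample data: a stand-in firmware image and the manifest a vendor
# would publish beside it (hypothetical format).
FIRMWARE_IMAGE = b"\x7fELF example-firmware 2.1.0 " + bytes(range(64))
MANIFEST = {"version": "2.1.0", "sha256": hashlib.sha256(FIRMWARE_IMAGE).hexdigest()}


@dataclass(frozen=True)
class UpdatePolicy:
    interval_s: int         # minimum seconds between update checks
    window_start_hour: int  # maintenance window start, UTC hour, inclusive
    window_end_hour: int    # maintenance window end, UTC hour, exclusive


# Assumed policy: check daily, install only between 02:00 and 04:00 UTC.
DEFAULT_POLICY = UpdatePolicy(interval_s=24 * 3600, window_start_hour=2, window_end_hour=4)


def in_window(hour: int, policy: UpdatePolicy) -> bool:
    """True if the UTC hour falls in the window; handles windows crossing midnight."""
    start, end = policy.window_start_hour, policy.window_end_hour
    if start <= end:
        return start <= hour < end
    return hour >= start or hour < end


def update_due(last_check_ts: int, now_ts: int, policy: UpdatePolicy = DEFAULT_POLICY) -> bool:
    """True when the interval has elapsed and the device is inside its window."""
    if now_ts - last_check_ts < policy.interval_s:
        return False
    hour = datetime.fromtimestamp(now_ts, tz=timezone.utc).hour
    return in_window(hour, policy)


def parse_version(version: str) -> tuple:
    """'2.1.0' -> (2, 1, 0), so versions compare numerically, not lexically."""
    return tuple(int(part) for part in version.split("."))


def verify_image(manifest: dict, image: bytes) -> bool:
    """Compare the digest of the bytes we actually hold with the manifest digest."""
    return hashlib.sha256(image).hexdigest() == manifest["sha256"]


def install_if_newer(current_version: str, manifest: dict, image: bytes, install_path: str) -> bool:
    """Install when the manifest is newer and the image verifies; return True if installed.

    The verified buffer is the one written, and it is written to a temporary
    name in the target directory and renamed into place, so the check cannot
    be separated from the use (no re-read between verify and install) and a
    crash mid-write leaves the previous image untouched.
    """
    if parse_version(manifest["version"]) <= parse_version(current_version):
        return False
    if not verify_image(manifest, image):
        raise ValueError("firmware digest mismatch; refusing to install")
    target_dir = os.path.dirname(os.path.abspath(install_path))
    fd, tmp_path = tempfile.mkstemp(dir=target_dir, prefix=".fw-")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(image)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp_path, install_path)
    except Exception:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
        raise
    return True


if __name__ == "__main__":
    import time

    now = int(time.time())
    if update_due(now - 2 * 86400, now):
        print("installed:", install_if_newer("2.0.0", MANIFEST, FIRMWARE_IMAGE, "firmware.bin"))
    else:
        print("not in maintenance window; will retry on the next scheduled run")
```

In practice the `__main__` block is what a cron entry or systemd timer would invoke on the device, with `last_check_ts` persisted between runs; the schedule decides when to look, and `install_if_newer` decides whether anything is actually installed.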
Supported In
This requirement is verified in the following services

| Plan | Supported |
|---|---|
| Essential | 🔴 |
| Advanced | 🟢 |
References
- CIS-7_3. Perform automated operating system patch management
- CWE™-367. Time-of-check time-of-use (TOCTOU) race condition
- CWE™-830. Inclusion of web functionality from an untrusted source
- OWASP TOP 10-A5. Security misconfiguration
- OWASP TOP 10-A6. Vulnerable and outdated components
- Agile Alliance-3. Deliver working software frequently
- MITRE ATT&CK®-M1051. Update software
- PA-DSS-5_4_6. Process in place to review application updates
- PA-DSS-6_1. The wireless technology must be implemented securely
- CMMC-SI_L1-3_14_4. Update malicious code protection
- FedRAMP-CM-2_1. Baseline configuration - Reviews and updates
- ISO/IEC 27002-8_7. Protection against malware
- ISO/IEC 27002-8_8. Management of technical vulnerabilities
- ISO/IEC 27002-8_19. Installation of software on operational systems
- ISA/IEC 62443-RA-7_7. Least functionality
- OSSTMM3-10_5_2. Telecommunications security (access verification) - Services
- NIST SSDF-PW_4_1. Reuse existing, well-secured software when feasible instead of duplicating functionality
- ISSAF-J_7_2. Network security - Anti-virus system (check end user antivirus)
- ISSAF-L_4_3. Network security - WLAN security (audit and review)
- PTES-5_2_3_3. Vulnerability analysis - Web application scanners (web server version)
- NIST 800-171-1_18. Control connection of mobile devices
- SWIFT CSCF-2_2. Security updates
- OWASP SAMM-OM. Operational Management
- C2M2-1_4_e. Manage changes to IT and OT assets
- C2M2-9_3_l. Implement IT and OT asset security for cybersecurity architecture
- PCI DSS-6_3_3. Security vulnerabilities are identified and addressed
- ISO/IEC 27001-8_7. Protection against malware
- ISO/IEC 27001-8_8. Management of technical vulnerabilities
- ISO/IEC 27001-8_19. Installation of software on operational systems