Schedule firmware updates
Summary
Devices should update their own firmware on a predefined schedule.
Description
Keeping firmware up to date helps devices operate with improved stability and performance, minimizing the likelihood of malfunctions or system crashes. These updates often include security patches that address vulnerabilities discovered in previous releases of the application. Regular updates ensure that devices are protected against those vulnerabilities.
References
- CIS-7_3. Perform automated operating system patch management
- CWE-367. Time-of-check time-of-use (TOCTOU) race condition
- CWE-830. Inclusion of web functionality from an untrusted source
- OWASP10-A5. Security misconfiguration
- OWASP10-A6. Vulnerable and outdated components
- AGILE-3. Deliver working software frequently
- MITRE-M1051. Update software
- PADSS-5_4_6. Process in place to review application updates
- PADSS-6_1. The wireless technology must be implemented securely
- CMMC-SI_L1-3_14_4. Update malicious code protection
- FEDRAMP-CM-2_1. Baseline configuration - Reviews and updates
- ISO27002-8_7. Protection against malware
- ISO27002-8_8. Management of technical vulnerabilities
- ISO27002-8_19. Installation of software on operational systems
- IEC62443-RA-7_7. Least functionality
- OSSTMM3-10_5_2. Telecommunications security (access verification) - Services
- NISTSSDF-PW_4_1. Reuse existing, well-secured software when feasible instead of duplicating functionality
- ISSAF-J_7_2. Network security - Anti-virus system (check end user antivirus)
- ISSAF-L_4_3. Network security - WLAN security (audit and review)
- PTES-5_2_3_3. Vulnerability analysis - Web application scanners (web server version)
- NIST800171-1_18. Control connection of mobile devices
- SWIFTCSC-2_2. Security updates
- OSAMM-OM. Operational Management
- C2M2-1_4_e. Manage changes to IT and OT assets
- C2M2-9_3_l. Implement IT and OT asset security for cybersecurity architecture
- PCI-6_3_3. Security vulnerabilities are identified and addressed
- ISO27001-8_7. Protection against malware
- ISO27001-8_8. Management of technical vulnerabilities
- ISO27001-8_19. Installation of software on operational systems
Supported In
This requirement is verified in the following services:
Essential Plan
Advanced Plan