353 – Schedule firmware updates

Summary

Devices should update their own firmware upon a predefined schedule.

Description

Keeping the firmware up to date can be useful for devices to operate with improved stability and performance, minimizing the likelihood of malfunctions or system crashes. These updates often include security patches that address vulnerabilities discovered in the previous releases of the application. Regular updates ensure that devices are protected against those vulnerabilities.

Supported In

Advanced: True

References

• CIS-7_3. Perform automated operating system patch management
• CWE-367. Time-of-check time-of-use (TOCTOU) race condition
• CWE-830. Inclusion of web functionality from an untrusted source
• OWASP10-A5. Security misconfiguration
• OWASP10-A6. Vulnerable and outdated components
• AGILE-3. Deliver working software frequently
• MITRE-M1051. Update software
• PADSS-5_4_6. Process in place to review application updates
• PADSS-6_1. The wireless technology must be implemented securely
• CMMC-SI_L1-3_14_4. Update malicious code protection
• FEDRAMP-CM-2_1. Baseline configuration - Reviews and updates
• ISO27002-8_7. Protection against malware
• ISO27002-8_8. Management of technical vulnerabilities
• ISO27002-8_19. Installation of software on operational systems
• IEC62443-RA-7_7. Least functionality
• OSSTMM3-10_5_2. Telecommunications security (access verification) - Services
• NISTSSDF-PW_4_1. Reuse existing, well-secured software when feasible instead of duplicating functionality
• ISSAF-J_7_2. Network security - Anti-virus system (check end user antivirus)
• ISSAF-L_4_3. Network security - WLAN security (audit and review)
• PTES-5_2_3_3. Vulnerability analysis - Web application scanners (web server version)
• NIST800171-1_18. Control connection of mobile devices
• SWIFTCSC-2_2. Security updates
• OSAMM-OM. Operational Management
• C2M2-1_4_e. Manage changes to IT and OT assets
• C2M2-9_3_l. Implement IT and OT asset security for cybersecurity architecture
• PCI-6_3_3. Security vulnerabilities are identified and addressed
• ISO27001-8_7. Protection against malware
• ISO27001-8_8. Management of technical vulnerabilities
• ISO27001-8_19. Installation of software on operational systems

Last updated

2024/02/09