STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Dell OS10 Switch NDM Security Technical Implementation Guide

V-269799

CAT II (Medium)

The application must install security-relevant firmware updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).

Rule ID

SV-269799r1051782_rule

STIG

Dell OS10 Switch NDM Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-002605

Discussion

Security flaws with firmware are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. Organizations (including any contractor to the organization) are required to promptly install security-relevant firmware updates. Flaws discovered during security assessments, continuous monitoring, incident response activities, or information system error handling must also be addressed expeditiously. Organization-defined time periods for updating security-relevant firmware may vary based on a variety of factors including, for example, the security category of the information system or the criticality of the update (i.e., severity of the vulnerability related to the discovered flaw). This requirement will apply to software patch management solutions that are used to install firmware patches across the enclave (e.g., mobile device management solutions). Patch criticality, as well as system criticality will vary. Therefore, the tactical situations regarding the patch management process will also vary. This means that the time period used must be a configurable parameter. Time frames for application of security-relevant firmware updates may be dependent upon the Information Assurance Vulnerability Management (IAVM) process. The application will be configured to check for and install security-relevant firmware updates within an identified time period from the availability of the update. The specific time period will be defined by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).

Check Content

Verify the OS10 Switch version by entering the following command: 

OS10# show version

Verify the release is the most recent approved release available on Dell.com. All OS10 releases supported by Dell can be found at https://www.dell.com/support.

If the OS10 Switch is not running an approved release within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs), this is a finding.

Fix Text

Upgrade the network device to the latest version of the desired LTS version of OS10 available from Dell support.

Step 1: Download the OS10 image file and GPG signature using secure file transfer from a trusted local server:

OS10# image download https://hostip/filepath/PKGS_OS10-Enterprise-10.5.6.2.110buster-installer-x86_64.bin
Download started.
Use 'show image status' for updates
OS10#
OS10# show image status
Image Upgrade State:     idle
==================================================
File Transfer State:     transfer-success
--------------------------------------------------
  State Detail:          Completed: No error
  Task Start:            2024-04-26T16:52:54Z
  Task End:              2024-04-26T16:53:18Z
  Transfer Progress:     100 %
  Transfer Bytes:        959310070 bytes
  File Size:             959310070 bytes
  Transfer Rate:         44447 kbps

Installation State:      idle
--------------------------------------------------
  State Detail:          No install information available
  Task Start:            0000-00-00T00:00:00Z
  Task End:              0000-00-00T00:00:00Z
OS10#
OS10# image download https://hostip/filepath/PKGS_OS10-Enterprise-10.5.6.2.110buster-installer-x86_64.bin.gpg
OS10#
OS10#
OS10# dir image

Directory contents for folder: image
Date (modified)        Size (bytes)  Name
---------------------  ------------  ------------------------------------------
2024-04-26T16:53:16Z   959310070     PKGS_OS10-Enterprise-10.5.6.2.110buster-installer-x86_64.bin
2024-04-26T16:57:36Z   566           PKGS_OS10-Enterprise-10.5.6.2.110buster-installer-x86_64.bin.gpg
OS10#

Step 2: Load the Dell GPG signing key and verify the image GPG signature:

OS10# image gpg-key key-server keyserver.ubuntu.com key-id 7FDA043B
OS10#
OS10# image verify image://PKGS_OS10-Enterprise-10.5.6.2.110buster-installer-x86_64.bin gpg signature image://PKGS_OS10-Enterprise-10.5.6.2.110buster-installer-x86_64.bin.gpg
Image verified successfully.
OS10#

Step 3: install the new OS10 image into the backup image partition:

OS10# image install image://PKGS_OS10-Enterprise-10.5.6.2.110buster-installer-x86_64.bin
Info: Take the Backup of the configs which can be used during downgrade
Install started.
Use 'show image status' for updates
OS10#
OS10# show image status
Image Upgrade State:     idle
==================================================
File Transfer State:     transfer-success
--------------------------------------------------
  State Detail:          Completed: No error
  Task Start:            2024-04-26T16:58:01Z
  Task End:              2024-04-26T16:58:01Z
  Transfer Progress:     100 %
  Transfer Bytes:        350 bytes
  File Size:             350 bytes
  Transfer Rate:         3 kbps

Installation State:      install-success
--------------------------------------------------
  State Detail:          Completed: Success
  Task Start:            2024-04-26T17:04:48Z
  Task End:              2024-04-26T17:22:03Z
OS10#

Step 4: Switch the standby image to be the boot image and reboot the switch:

OS10#
OS10# boot system standby
OS10#
OS10# reload

Proceed to reboot the system? [confirm yes/no]:yes