Rule ID
SV-283414r1194936_rule
Version
V1R1
CCIs
Security flaws with firmware are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. Organizations (including any contractor to the organization) are required to promptly install security-relevant firmware updates. Flaws discovered during security assessments, continuous monitoring, incident response activities, or information system error handling must also be addressed expeditiously.
Verify software updates are consistently applied to the HPE Alletra Storage ArcusOS device within the time frame defined for each patch.
Check the software version:
cli% showversion
Release version 10.3.0
Component Name Version
CLI Server 10.3.0
CLI Client 10.3.0
System Manager 10.3.0
Kernel 10.3.0
IO Stack 10.3.0
Drive Firmware 10.3.0
Enclosure Firmware 10.3.0
Upgrade Tool 61 (231107)
If the HPE Alletra Storage ArcusOS device does not have security-relevant updates installed within the time period directed by the authoritative source, this is a finding.Install the latest approved update through the web UI. 1. Select "system" from left navigation pane. 2. Select "software" from main navigation pane. 3. Select "Load an update package" from the Actions pane. 4. Choose a file location from which to upload. 5. Return to the software screen and select "Update software" from the Actions pane. 6. Verify the version selected for update is listed/selected, and then click "Install".