11.4: Install the Latest Stable Version of Any Security-Related Updates on All Network Devices
Sub-control 11.4 states that you must ensure that all system data is automatically backed up on a regular basis.
| Asset Type | Security Function | Implementation Groups |
|---|---|---|
| Network | Protect | 1, 2, 3 |
Dependencies
- Sub-control 1.4: Maintain Detailed Asset Inventory
- Sub-control 1.5: Maintain Asset Inventory Information
Inputs
-
Network device inventory: The network device inventory, derived from the endpoint inventory (sub-control 1.4).
-
Network device version information: A list of acceptable versions for each model of network device in I1. This version information needs to be updated frequently to reflect current version information and age off outdated versions.
Operations
-
For each network device in I1, compare the network device’s version to the allowable versions from I2.
-
Generate a list of those network devices that match an allowable version (M1).
-
Generate a list of those network devices that do not match an allowable version (M2).
Measures
| Measure | Definition |
|---|---|
| M1 = List of network devices |
A list of network devices. |
|
M2 = Count of items in M1 |
A count of the total number of items in M1. |
| M3 = List of network devices that match an allowable version (compliant list) | A list of network devices that match an allowable version. |
| M4 = Count of items in M3 | A count of the total number of items in M3. |
| M5 = List of network devices that do not match an allowable version (non-compliant list) | A list of network devices that do not match an allowable version. |
| M6 = Count of items in M5 | A count of the total number of items in M5. |
Metrics
Coverage
| Metric | Calculation |
|---|---|
| The percentage of inventoried network devices that match the allowable version for that device/OS. | If M2 > 0, then M4 / M2; otherwise 0 |