====== 1.2.2 Ensure GPG keys are configured (Not Scored) ======

=====Profile Applicability=====

  * Level 1 - Server
  * Level 1 - Workstation

=====Description=====

Most package managers implement GPG key signing to verify package integrity during installation.

=====Rationale=====

It is important to ensure that updates are obtained from a valid source to protect against spoofing that could lead to the inadvertent installation of malware on the system.

=====Audit=====

Run the following command and verify GPG keys are configured correctly for your package manager:

  # apt-key list

=====Remediation=====

Update your package manager GPG keys in accordance with site policy.
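
The Audit step above, automated as an added example that is not part of the benchmark text: the function reads ''apt-key list'' output and flags expired keys and keys whose fingerprint is not on a site-approved allowlist. The allowlist file, the function names and the sample keyring listing (with made-up fingerprints) are assumptions constructed for illustration.

```shell
# Added example. Usage: apt-key list | audit_apt_keys /path/to/allowlist
# The allowlist (assumed site policy file) holds one approved fingerprint per line.
# Prints "STATUS FINGERPRINT" per key; returns 1 on any EXPIRED/UNAPPROVED key.
audit_apt_keys() {
    awk -v allow="$1" '
        BEGIN {
            # Load approved fingerprints; spaces inside them are ignored.
            while (allow != "" && (getline line < allow) > 0) {
                gsub(/[ \t]/, "", line)
                if (line != "") ok[toupper(line)] = 1
            }
        }
        # A "pub" line opens a key block; gpg notes expiry on that line.
        /^pub / { want_fpr = 1; expired = ($0 ~ /\[expired: /); next }
        # The following line holds the fingerprint in space-separated groups.
        want_fpr {
            want_fpr = 0
            fpr = $0; gsub(/[ \t]/, "", fpr)
            if (length(fpr) != 40 || fpr ~ /[^0-9A-F]/) next
            if (expired)           { status = "EXPIRED";    bad = 1 }
            else if (!(fpr in ok)) { status = "UNAPPROVED"; bad = 1 }
            else                   { status = "OK" }
            print status, fpr
        }
        END { exit bad + 0 }
    '
}

# Constructed sample in the layout apt-key list prints (not real keys).
sample_apt_key_list() {
    cat <<'EOF'
/etc/apt/trusted.gpg.d/example-archive.gpg
------------------------------------------
pub   rsa4096 2018-09-17 [SC]
      1111 2222 3333 4444 5555  6666 7777 8888 9999 AAAA
uid           [ unknown] Example Archive Signing Key <archive@example.com>

/etc/apt/trusted.gpg
--------------------
pub   rsa2048 2012-05-11 [SC] [expired: 2019-05-11]
      BBBB BBBB BBBB BBBB BBBB  BBBB BBBB BBBB BBBB BBBB
uid           [ expired] Old Example Key <old@example.com>

pub   rsa4096 2020-01-01 [SC]
      CCCC CCCC CCCC CCCC CCCC  CCCC CCCC CCCC CCCC CCCC
uid           [ unknown] Third-Party Example Repo <repo@example.net>
EOF
}
```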