This site is brought to you by the Electrical and Computer Engineering department


From the ISO:

Steps for Remediation
------------------------------

* This is a vulnerability in the SSLv3 specification, not in any particular SSL implementation. Disabling SSLv3 is the only way to completely mitigate the vulnerability.

* The TLS Fallback SCSV mechanism prevents 'version rollback' attacks without impacting legacy clients; however, it can only protect connections when the client and service support the mechanism. Sites that cannot disable SSLv3 immediately should enable this mechanism.

NOTE: Older network devices may only support SSL, and disabling SSL 3.0 could prevent administrators from being able to configure their modem, router, or printer. In such cases, it may be necessary to consider updating devices or pursuing an exception with related controls.

Once remediated, TSCs are asked to make use of SelfScan to verify the system is properly secured (credentialed scans are encouraged for best accuracy):

SelfScan
https://selfscan.security.utexas.edu/howtos/

You can also test servers out with:  https://ssllabs.com/
Clients can be checked via: https://www.poodletest.com

------------------------------

Additional commands:

From a Linux or Mac system, ask the server for an SSLv3-only handshake:

openssl s_client -connect <hostname or IP>:443 -ssl3
example: openssl s_client -connect mpc.ece.utexas.edu:443 -ssl3

If the server still speaks SSLv3 the handshake completes, the certificate chain is printed and the SSL-Session block shows "Protocol  : SSLv3"; a remediated server refuses the connection with a handshake failure (for example "sslv3 alert handshake failure"). Note that OpenSSL 1.1.0 and later is built without SSLv3 support by default, so an "unknown option" error for -ssl3 means your client cannot run this test, not that the server is safe; use nmap instead in that case.

Alternatively, you can use nmap to enumerate the protocol versions and cipher suites the server offers (limit it to the port you care about, otherwise nmap scans its default port list first):

nmap -p 443 --script ssl-enum-ciphers mpc.ece.utexas.edu

SSLv3 is still enabled if the script output contains an "SSLv3:" section with cipher suites listed under it; a remediated server lists only TLSv1.x sections.
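The probe below is an added example for this page, not ISO, OpenSSL or nmap code. It does by hand what `openssl s_client -ssl3` does, building a ClientHello whose client_version is 3.0 and classifying the server's first record, so it still works on systems whose OpenSSL was built without SSLv3; it also adds the TLS_FALLBACK_SCSV check from the ISO's second remediation step (appending the signalling suite 0x5600 from RFC 7507 and looking for the inappropriate_fallback alert). The cipher suite list is an assumption (a few RSA suites an SSLv3 server would typically accept), the default host is the one used in the commands above, and the result names are this example's own.

```python
"""Hand-built SSLv3 ClientHello probe (added example, not ISO or OpenSSL tooling).
Reports whether a server accepts SSLv3 (POODLE-exposed), refuses it, or, when
TLS_FALLBACK_SCSV is included, rejects the fallback as RFC 7507 requires."""
import os
import socket
import struct

SSLV3 = b"\x03\x00"
TLS_FALLBACK_SCSV = b"\x56\x00"          # signalling cipher suite value from RFC 7507
# Assumed set of RSA suites an SSLv3 server is likely to accept:
# AES128-SHA, AES256-SHA, DES-CBC3-SHA, RC4-SHA, RC4-MD5.
SSLV3_SUITES = [b"\x00\x2f", b"\x00\x35", b"\x00\x0a", b"\x00\x05", b"\x00\x04"]
RECORD_HANDSHAKE, RECORD_ALERT = 0x16, 0x15
HS_CLIENT_HELLO, HS_SERVER_HELLO = 0x01, 0x02
ALERT_INAPPROPRIATE_FALLBACK = 86


def build_client_hello(fallback_scsv=False, random_bytes=None):
    """Return a complete TLS record carrying an SSLv3 ClientHello.
    SSLv3 predates extensions, so there is no SNI and no extension block."""
    suites = SSLV3_SUITES + ([TLS_FALLBACK_SCSV] if fallback_scsv else [])
    suite_bytes = b"".join(suites)
    rnd = os.urandom(32) if random_bytes is None else random_bytes
    body = (
        SSLV3                                       # client_version = 3.0
        + rnd                                       # 32-byte random
        + b"\x00"                                   # session_id length 0
        + struct.pack("!H", len(suite_bytes)) + suite_bytes
        + b"\x01\x00"                               # one compression method: null
    )
    # Handshake header: type (1 byte) + 24-bit length; record header: type, version, 16-bit length.
    handshake = bytes([HS_CLIENT_HELLO]) + struct.pack("!I", len(body))[1:] + body
    return bytes([RECORD_HANDSHAKE]) + SSLV3 + struct.pack("!H", len(handshake)) + handshake


def cipher_suites_in_hello(record):
    """Extract the cipher suite list from a ClientHello record built above."""
    # record header(5) + handshake header(4) + version(2) + random(32) + session_id length(1)
    off = 5 + 4 + 2 + 32 + 1
    n = struct.unpack("!H", record[off:off + 2])[0]
    suites = record[off + 2:off + 2 + n]
    return [suites[i:i + 2] for i in range(0, n, 2)]


def classify_response(data):
    """Interpret the first record the server sent back to our SSLv3 ClientHello."""
    if not data:
        return "closed_without_alert"     # some servers silently drop SSLv3 hellos
    if len(data) < 5:
        return "unexpected"
    content_type = data[0]
    length = struct.unpack("!H", data[3:5])[0]
    payload = data[5:5 + length]
    if content_type == RECORD_HANDSHAKE and len(payload) >= 6 and payload[0] == HS_SERVER_HELLO:
        # ServerHello: type(1) + length(3) + server_version(2) ...
        return "sslv3_accepted" if payload[4:6] == SSLV3 else "unexpected"
    if content_type == RECORD_ALERT and len(payload) >= 2:
        if payload[1] == ALERT_INAPPROPRIATE_FALLBACK:
            return "fallback_rejected"    # server honours TLS_FALLBACK_SCSV
        return "sslv3_refused"            # e.g. handshake_failure (40), protocol_version (70)
    return "unexpected"


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def read_record(sock):
    """Read one TLS record (header plus body); returns what was read if the peer closed early."""
    header = _recv_exact(sock, 5)
    if len(header) < 5:
        return header
    return header + _recv_exact(sock, struct.unpack("!H", header[3:5])[0])


def probe(host, port=443, fallback_scsv=False, timeout=5.0):
    """Connect, send the SSLv3 ClientHello and classify the server's first record."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_client_hello(fallback_scsv=fallback_scsv))
            return classify_response(read_record(sock))
    except socket.timeout:
        return "no_response"


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "mpc.ece.utexas.edu"  # host used in the commands above
    print(f"{host}: plain SSLv3 ClientHello           -> {probe(host)}")
    print(f"{host}: SSLv3 ClientHello + FALLBACK_SCSV -> {probe(host, fallback_scsv=True)}")
```

Run it as `python3 poodle_probe.py hostname`. A remediated server answers the plain probe with "sslv3_refused" (or "closed_without_alert", which you should confirm with nmap since it is ambiguous); "sslv3_accepted" means SSLv3 is still on. A server that cannot yet disable SSLv3 but has TLS_FALLBACK_SCSV deployed answers the second probe with "fallback_rejected", which is what the ISO's interim mitigation looks like on the wire.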

Additional References from the ISO:
------------------------------
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566