Navigate

CCI-001230

CCI-001230 Definition

The organization incorporates flaw remediation into the organizational configuration management process.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents within their configuration management plan, flaw remediation processes.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the configuration management plan to ensure that it incorporates flaw remediation.

Compelling Evidence

1.) Signed and dated continuous monitoring plan. 2.) Reference to continuous monitoring plan section that refers to the flaw remediation process (identification, reporting, fixing)

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001230.

Control	Description
SI-2	The organization: SI-2a.: Identifies, reports, and corrects information system flaws; SI-2b.: Tests software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation; SI-2c.: Installs security-relevant software and firmware updates within [Assignment: organization-defined time period] of the release of the updates; and SI-2d.: Incorporates flaw remediation into the organizational configuration management process.

Control

Description

SI-2

The organization:

SI-2a.: Identifies, reports, and corrects information system flaws;

SI-2b.: Tests software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation;

SI-2c.: Installs security-relevant software and firmware updates within [Assignment: organization-defined time period] of the release of the updates; and

SI-2d.: Incorporates flaw remediation into the organizational configuration management process.