Navigate

CCI-001235

CCI-001235 Definition

The organization measures the time between flaw identification and flaw remediation.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to measure the time between flaw identification and flaw remediation. The organization must maintain an audit trail of flaw identification and flaw remediation.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process as well as the audit trail of flaw identification and flaw remediation to ensure the organization being inspected/assessed measures the time between flaw identification and flaw remediation.

Compelling Evidence

1.) Provide signed and dated continuous monitoring plan 2.) Reference to continuous monitoring plan section pertaining to remediation and verification that the time between flaw identification and flaw remediation is measured. 3.) Audit trail of flaw identification and flaw remediation.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001235.

Control	Description
SI-2 (3)	The organization: SI-2 (3)(a): Measures the time between flaw identification and flaw remediation; and SI-2 (3)(b): Establishes [Assignment: organization-defined benchmarks] for taking corrective actions.