Navigate

CCI-002603

CCI-002603 Definition

Test firmware updates related to flaw remediation for potential side effects before installation.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process for regression testing IAW CM-4 to identify any potential side effects before installation of software updates.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process and test results to ensure the organization being inspected/assessed tests firmware updates related to flaw remediation for potential side effects before installation.

Compelling Evidence

1.) Signed and dated system security plan. 2.) Continuous monitoring plan. 3.) Reference to system security plan and continuous monitoring plan sections pertaining to the process for testing firmware updates. 4.) Signed and dated testing process logs.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002603.

Control	Description
SI-2	The organization: a: Identifies, reports, and corrects information system flaws; b: Tests software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation; c: Installs security-relevant software and firmware updates within [one of ] of the release of the updates; and d: Incorporates flaw remediation into the organizational configuration management process.

Control

Description

SI-2

The organization:

a: Identifies, reports, and corrects information system flaws;

b: Tests software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation;

c: Installs security-relevant software and firmware updates within [one of ] of the release of the updates; and

d: Incorporates flaw remediation into the organizational configuration management process.