Navigate

CCI-002606

CCI-002606 Definition

The organization defines the time period following the release of updates within which security-related firmware updates are to be installed.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD has defined the time period as 30 days.

Validation Procedures

The organization being inspected/assessed is automatically compliant with this CCI because they are covered at the DoD level. DoD has defined the time period as 30 days

Compelling Evidence

Automatically compliant.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002606.

Control	Description
SI-2	The organization: SI-2a.: Identifies, reports, and corrects information system flaws; SI-2b.: Tests software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation; SI-2c.: Installs security-relevant software and firmware updates within [Assignment: organization-defined time period] of the release of the updates; and SI-2d.: Incorporates flaw remediation into the organizational configuration management process.

Control

Description

SI-2

The organization:

SI-2a.: Identifies, reports, and corrects information system flaws;

SI-2b.: Tests software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation;

SI-2c.: Installs security-relevant software and firmware updates within [Assignment: organization-defined time period] of the release of the updates; and

SI-2d.: Incorporates flaw remediation into the organizational configuration management process.