Navigate

CCI-002608

CCI-002608 Definition

The organization establishes organization-defined benchmarks for the time taken to apply corrective actions after flaw identification.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed implements benchmarks for the time taken to apply corrective actions after flaw identification IAW the period directed by an authoritative source (e.g. IAVM, CTOs, DTMs, STIGs). DoD has defined the benchmarks as within the time period directed by an authoritative source (e.g. IAVM, CTOs, DTMs, STIGs).

Validation Procedures

The organization conducting the inspection/assessment obtains and examines records of corrective actions taken to ensure the organization being inspected/assessed implements benchmarks for the time taken to apply corrective actions after flaw identification IAW the period directed by an authoritative source (e.g. IAVM, CTOs, DTMs, STIGs). DoD has defined the benchmarks as within the time period directed by an authoritative source (e.g. IAVM, CTOs, DTMs, STIGs).

Compelling Evidence

1.) Implementation documentation of benchmarks for the time taken to apply corrective actions after flaw identification IAW the period directed by an authoritative source (e.g. IAVM, CTOs, DTMs, STIGs).

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002608.

Control	Description
SI-2 (3)	The organization: SI-2 (3)(a): Measures the time between flaw identification and flaw remediation; and SI-2 (3)(b): Establishes [Assignment: organization-defined benchmarks] for taking corrective actions.