Navigate

CCI-002611

CCI-002611 Definition

The organization defines the security-relevant software updates to be automatically installed on organization-defined information system components.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents the security-relevant software updates to be automatically installed on organization-defined information system components. DoD has determined the security-relevant software updates are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented security-relevant software updates to ensure the organization being inspected/assessed defines the security-relevant software updates to be automatically installed on organization-defined information system components. DoD has determined the security-relevant software updates are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated system security plan with section on the security-relevant software updates to be automatically installed on organization-defined information system components.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002611.

Control	Description
SI-2 (5)	The organization installs [Assignment: organization-defined security-relevant software and firmware updates] automatically to [Assignment: organization-defined information system components].