Navigate

CCI-002612

CCI-002612 Definition

The organization defines the security-relevant firmware updates to be automatically installed on organization-defined information system components.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents the security-relevant firmware updates to be automatically installed on organization-defined information system components. DoD has determined the security-relevant firmware updates are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented security-relevant firmware updates to ensure the organization being inspected/assessed defines the security-relevant firmware updates to be automatically installed on organization-defined information system components. DoD has determined the security-relevant firmware updates are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated system security plan that defines the security-relevant firmware updates to be automatically installed on organization-defined information system components.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002612.

Control	Description
SI-2 (5)	The organization installs [Assignment: organization-defined security-relevant software and firmware updates] automatically to [Assignment: organization-defined information system components].