CCI-002618

Remove previous versions of organization-defined firmware components after updated versions have been installed.

Implementation Guidance

Determine if previous versions of [SI-02(06)_ODP; software and firmware components to be removed after updated versions have been installed are defined] are removed after updated versions have been installed.

Validation Procedures

Examine: [SELECT FROM: System and information integrity policy; system and information integrity procedures; procedures addressing flaw remediation; mechanisms supporting flaw remediation; system design documentation; system configuration settings and associated documentation; records of software and firmware component removals after updated versions are installed; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; organizational personnel installing, configuring, and/or maintaining the system; organizational personnel responsible for flaw remediation]. Test: [SELECT FROM: Mechanisms supporting and/or implementing the removal of previous versions of software/firmware].

The controls below (if any) were marked by NIST as being related to CCI-002618.