Navigate

CCI-002640

CCI-002640 Definition

The organization incorporates the results from malicious code analysis into organizational flaw remediation processes.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed incorporates the results from malicious code analysis into organizational flaw remediation processes.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the flaw remediation processes to ensure the organization being inspected/assessed incorporates the results from malicious code analysis into organizational flaw remediation processes.

Compelling Evidence

1.) Signed and dated system security plan. 2.) Flaw remediation processes incorporate the results from malicious code analysis into organizational flaw remediation processes.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002640.

Control	Description
SI-3 (10)	The organization: SI-3 (10)(a): Employs [Assignment: organization-defined tools and techniques] to analyze the characteristics and behavior of malicious code; and SI-3 (10)(b): Incorporates the results from malicious code analysis into organizational incident response and flaw remediation processes.