CCI-004957

Defines a frequency for installing security-relevant software updates using organization-defined automated mechanisms.

Implementation Guidance

Determine if system components have applicable security-relevant software and firmware updates installed [SI-02(02)_ODP[02]; the frequency at which to determine if applicable security-relevant software and firmware updates are installed on system components is defined] using [SI-02(02)_ODP[01]; automated mechanisms to determine if applicable security-relevant software and firmware updates are installed on system components are defined].

Validation Procedures

Examine: [SELECT FROM: System and information integrity policy; system and information integrity procedures; procedures addressing flaw remediation; automated mechanisms supporting centralized management of flaw remediation; system design documentation; system configuration settings and associated documentation; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; organizational personnel installing, configuring, and/or maintaining the system; organizational personnel responsible for flaw remediation]. Test: [SELECT FROM: Automated mechanisms used to determine the state of system components with regard to flaw remediation].

The controls below (if any) were marked by NIST as being related to CCI-004957.