Navigate

RA-5(2)

RA-5(2): Update by Frequency / Prior to New Scan / When Identified

The organization updates the information system vulnerabilities scanned [one or more of {{ insert: param, ra-5.2_prm_2 }} /prior to a new scan/when new vulnerabilities are identified and reported].

Supplemental

CIA Levels
Confidentiality	high
Integrity	high
Availability	high

Overlays
None

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to RA-5(2).

Control	Description
SI-3	The organization: a: Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code; b: Updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures; c: Configures malicious code protection mechanisms to: 1: Perform periodic scans of the information system [organization-defined frequency] and real-time scans of files from external sources at [one or more of endpoint/network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational security policy; and 2: [one or more of block malicious code/quarantine malicious code/send alert to administrator/ {{ insert: param, si-3_prm_4 }} ] in response to malicious code detection; and d: Addresses the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the information system.
SI-5	The organization: a: Receives information system security alerts, advisories, and directives from [organization-defined external organizations] on an ongoing basis; b: Generates internal security alerts, advisories, and directives as deemed necessary; c: Disseminates security alerts, advisories, and directives to: [one or more of {{ insert: param, si-5_prm_3 }} / {{ insert: param, si-5_prm_4 }} / {{ insert: param, si-5_prm_5 }} ]; and d: Implements security directives in accordance with established time frames, or notifies the issuing organization of the degree of noncompliance.

Control

Description

SI-3

The organization:

a: Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code;

b: Updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures;

c: Configures malicious code protection mechanisms to:
- 1: Perform periodic scans of the information system [organization-defined frequency] and real-time scans of files from external sources at [one or more of endpoint/network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational security policy; and
- 2: [one or more of block malicious code/quarantine malicious code/send alert to administrator/ {{ insert: param, si-3_prm_4 }} ] in response to malicious code detection; and

d: Addresses the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the information system.

SI-5

The organization:

a: Receives information system security alerts, advisories, and directives from [organization-defined external organizations] on an ongoing basis;

b: Generates internal security alerts, advisories, and directives as deemed necessary;

c: Disseminates security alerts, advisories, and directives to: [one or more of {{ insert: param, si-5_prm_3 }} / {{ insert: param, si-5_prm_4 }} / {{ insert: param, si-5_prm_5 }} ]; and

d: Implements security directives in accordance with established time frames, or notifies the issuing organization of the degree of noncompliance.

Enhancements

The controls below (if any) add on to the requirements of RA-5(2).

Control	Description
No controls

Related CCIs

The CCIs below are tied to RA-5(2).

CCI	Definition
CCI-001063	Update the system vulnerabilities scanned on an organization-defined frequency, prior to a new scan, and/or when new vulnerabilities are identified and reported.
CCI-001064	Defines a frequency for updating the system vulnerabilities scanned.