Navigate

SI-2(6)

SI-2(6): Removal of Previous Versions of Software and Firmware

Remove previous versions of [software and firmware components to be removed after updated versions have been installed are defined;] after updated versions have been installed.

Supplemental

Previous versions of software or firmware components that are not removed from the system after updates have been installed may be exploited by adversaries. Some products may automatically remove previous versions of software and firmware from the system.

CIA Levels
Confidentiality	unknown
Integrity	low
Availability	unknown

Overlays
DAF Baseline

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to SI-2(6).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of SI-2(6).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SI-2(6).

CCI	Definition
CCI-002615	Defines the software components to remove previous versions after updated versions have been installed.
CCI-002616	Defines the firmware components to remove previous versions after updated versions have been installed.
CCI-002617	Remove previous versions of organization-defined software components after updated versions have been installed.
CCI-002618	Remove previous versions of organization-defined firmware components after updated versions have been installed.