|
controlSI-2
Flaw Remediation (SI-2)
Identify, report, and correct system flaws; Test software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation; Install security-relevant software and firmware updates within [organization-defined] of the release of the updates; and Incorporate flaw remediation into the organizational configuration management process.
Security Baselines
LOWMODERATEHIGH
integritymalwareflaw-remediationmonitoring
Why These Connect
Baselined In3
This control is included in the linked security baseline (LOW, MODERATE, or HIGH).
Supports25
These related controls work together — a change to one may affect the others.
Mitigates5
This control helps defend against or reduce the risk of the linked threat technique.
Enhances7
These enhancements add specific capabilities or refinements to the base control.
Related Controls(15)
CA-5Plan of Action and Milestones (CA-5)
LMH
CM-3Configuration Change Control (CM-3)MH
CM-4Impact Analyses (CM-4)LMH
CM-5Access Restrictions for Change (CM-5)LMH
CM-6Configuration Settings (CM-6)LMH
CM-8System Component Inventory (CM-8)LMH
MA-2Controlled Maintenance (MA-2)LMH
RA-5Vulnerability Monitoring and Scanning (RA-5)LMH
SA-10Developer Configuration Management (SA-10)MH
SA-11Developer Testing and Evaluation (SA-11)MH
SA-8Security and Privacy Engineering Principles (SA-8)LMH
SI-3Malicious Code Protection (SI-3)LMH
SI-5Security Alerts, Advisories, and Directives (SI-5)LMH
SI-7Software, Firmware, and Information Integrity (SI-7)MH
SI-11Error Handling (SI-11)MH
Threat Coverage(5 ATT&CK techniques)
Control Enhancements(7)
SI-2(1)Central Management (SI-2(1))WSI-2(2)Automated Flaw Remediation Status (SI-2(2))
MH
SI-2(3)Time to Remediate Flaws and Benchmarks for Corrective Actions (SI-2(3))SI-2(4)Automated Patch Management Tools (SI-2(4))SI-2(5)Automatic Software and Firmware Updates (SI-2(5))SI-2(6)Removal of Previous Versions of Software and Firmware (SI-2(6))SI-2(7)Root Cause Analysis (SI-2(7))