SI-14(1): Refresh From Trusted Sources

Parent Control:

SI-14: Non-Persistence

CSF v1.1 References:

Threats Addressed:


(Not part of any baseline)

Next Version:

Control Statement

The organization ensures that software and data employed during information system component and service refreshes are obtained from [Assignment: organization-defined trusted sources].

Supplemental Guidance

Trusted sources include, for example, software/data from write-once, read-only media or from selected off-line secure storage facilities.