SI-2(5): Automatic Software / Firmware Updates

Control Family:

System And Information Integrity

Parent Control:

SI-2: Flaw Remediation

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

ID.RA-1
PR.IP-12

Threats Addressed:

Tampering
Elevation of Privilege
Lateral Movement

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
SI-2(5): Automatic Software and Firmware Updates

Control Statement

The organization installs [Assignment: organization-defined security-relevant software and firmware updates] automatically to [Assignment: organization-defined information system components].

Supplemental Guidance

Due to information system integrity and availability concerns, organizations give careful consideration to the methodology used to carry out automatic updates. Organizations must balance the need to ensure that the updates are installed as soon as possible with the need to maintain configuration management and with any mission or operational impacts that automatic updates might impose.