SI-2(6): Removal Of Previous Versions Of Software / Firmware

Parent Control:

SI-2: Flaw Remediation

CSF v1.1 References:


(Not part of any baseline)

Next Version:

Control Statement

The organization removes [Assignment: organization-defined software and firmware components] after updated versions have been installed.

Supplemental Guidance

Previous versions of software and/or firmware components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some information technology products may remove older versions of software and/or firmware automatically from the information system.