SI-2(6): Removal Of Previous Versions Of Software / Firmware

Control Family:

System And Information Integrity

Parent Control:

SI-2: Flaw Remediation

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

Threats Addressed:

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
SI-2(6): Removal of Previous Versions of Software and Firmware

Control Statement

The organization removes [Assignment: organization-defined software and firmware components] after updated versions have been installed.

Supplemental Guidance

Previous versions of software and/or firmware components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some information technology products may remove older versions of software and/or firmware automatically from the information system.