SI-14(1): Refresh from Trusted Sources

Parent Control:

SI-14: Non-persistence

Threats Addressed:


(Not part of any baseline)

Previous Version:

Control Statement

Obtain software and data employed during system component and service refreshes from the following trusted sources: [Assignment: organization-defined trusted sources].

Supplemental Guidance

Trusted sources include software and data from write-once, read-only media or from selected offline secure storage facilities.