SI-2(2): Automated Flaw Remediation Status

Parent Control:

SI-2: Flaw Remediation

CSF v1.1 References:


  • Moderate
  • High

Previous Version:

Control Statement

Determine if system components have applicable security-relevant software and firmware updates installed using [Assignment: organization-defined automated mechanisms] [Assignment: organization-defined frequency].

Supplemental Guidance

Automated mechanisms can track and determine the status of known flaws for system components.