SI-2(6): Removal of Previous Versions of Software and Firmware

Control Family:

System and Information Integrity

Parent Control:

SI-2: Flaw Remediation

CSF v1.1 References:

ID.RA-1
PR.IP-12

Threats Addressed:

Tampering
Elevation of Privilege
Lateral Movement

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
SI-2(6): Removal Of Previous Versions Of Software / Firmware

Control Statement

Remove previous versions of [Assignment: organization-defined software and firmware components] after updated versions have been installed.

Supplemental Guidance

Previous versions of software or firmware components that are not removed from the system after updates have been installed may be exploited by adversaries. Some products may automatically remove previous versions of software and firmware from the system.