Skip to main content

SI-2 Flaw Remediation

Description

The University identifies, reports, and corrects information resource security flaws.

Applicability

  • The information resource owner, or designee, is responsible for ensuring that all requirements of this Control are satisfied.

Implementation

  • The university is responsible for:
  • 1 - Identifying, reporting, and correcting information resource security flaws as described in RA-5.
  • 2 - Testing software and firmware updates related to security flaw remediation for effectiveness and potential side effects before installation as described in CM-1.
  • 3 - Installing security-relevant software and firmware updates within timelines as specified in CM-1.
  • 4 - Incorporating security flaw remediation into the unit’s configuration management process (CM-3).