SI-2 Flaw Remediation
Description
The University identifies, reports, and corrects information resource security flaws.
Applicability
- The information resource owner, or designee, is responsible for ensuring that all requirements of this Control are satisfied.
Implementation
- The university is responsible for:
- 1 - Identifying, reporting, and correcting information resource security flaws as described in RA-5.
- 2 - Testing software and firmware updates related to security flaw remediation for effectiveness and potential side effects before installation as described in CM-1.
- 3 - Installing security-relevant software and firmware updates within timelines as specified in CM-1.
- 4 - Incorporating security flaw remediation into the unit’s configuration management process (CM-3).