>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SI-2(2)Flaw Remediation | Automated Flaw Remediation Status

IL4 Mod
IL4 High
IL5
IL6

>Control Description

Determine if system components have applicable security-relevant software and firmware updates installed using organization-defined automated mechanisms organization-defined frequency.

>DoD Impact Level Requirements

FedRAMP Parameter Values

SI-2 (2)-2 [at least monthly]

>Discussion

Automated mechanisms can track and determine the status of known flaws for system components.

>Programmatic Queries

Beta

Related Services

AWS Patch Manager
AWS Systems Manager
EC2 Image Builder

CLI Commands

Get patch compliance summary for managed instances
aws ssm describe-patch-group-state --patch-group patch-group-name
List available patches for instances
aws ssm describe-available-patches --filters Key=CLASSIFICATION,Values=Security
Get compliance status for a specific instance
aws ssm list-compliance-items --resource-ids i-0123456789abcdef0 --resource-types ManagedInstance
Execute patch scan on managed instances
aws ssm send-command --document-name AWS-RunPatchBaseline --instance-ids i-0123456789abcdef0
Open AWS ConsoleDocumentation

>Related Controls

CA-7
SI-4

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern automated flaw remediation status?
  • Who is responsible for monitoring system and information integrity?
  • How frequently are integrity monitoring processes reviewed and updated?
  • What is your process for identifying, reporting, and remediating flaws and vulnerabilities?
  • What is your patch management process and timeline?

Technical Implementation:

  • What technical controls detect and respond to automated flaw remediation status issues?
  • How are integrity violations identified and reported?
  • What automated tools support system and information integrity monitoring?
  • What tools are used to identify software flaws and vulnerabilities?
  • How do you ensure timely installation of security-relevant patches?

Evidence & Documentation:

  • Can you provide recent integrity monitoring reports or alerts?
  • What logs demonstrate that SI-2(2) is actively implemented?
  • Where is evidence of integrity monitoring maintained and for how long?
  • Can you provide recent vulnerability reports and POA&M items?
  • Can you show recent patch installation records?

Ask AI

Configure your API key to use AI features.