>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SI-2(3)Flaw Remediation

Operational

>Control Description

FLAW REMEDIATION | TIME TO REMEDIATE FLAWS / BENCHMARKS FOR CORRECTIVE ACTIONS (a) The organization measures the time between flaw identification and flaw remediation; and (b) The organization establishes organization-defined benchmarks for taking corrective actions.

>Supplemental Guidance

This control enhancement requires organizations to determine the current time it takes on the average to correct information system flaws after such flaws have been identified, and subsequently establish organizational benchmarks (i.e., time frames) for taking corrective actions. Benchmarks can be established by type of flaw and/or severity of the potential vulnerability if the flaw can be exploited.

Ask AI

Configure your API key to use AI features.