SI-2(5)—Flaw Remediation
Operational
>Control Description
FLAW REMEDIATION | AUTOMATIC SOFTWARE / FIRMWARE UPDATES The organization installs ⚙organization-defined security-relevant software and firmware updates automatically to ⚙organization-defined information system components.
>Supplemental Guidance
Due to information system integrity and availability concerns, organizations give careful consideration to the methodology used to carry out automatic updates. Organizations must balance the need to ensure that the updates are installed as soon as possible with the need to maintain configuration management and with any mission or operational impacts that automatic updates might impose.
>Tailoring Guidance
This security control/enhancement specifies the use of an automated mechanism. While there are obvious benefits to the use of such mechanisms, in most cases the use of manual mechanisms will suffice.
Ask AI
Configure your API key to use AI features.