PR.PS-02—Software is maintained, replaced, and removed commensurate with risk
>Control Description
This platform security subcategory ensures that software is maintained, replaced, and removed commensurate with risk. Key activities include: Perform routine and emergency patching within the timeframes specified in the vulnerability management plan; Update container images, and deploy new container instances to replace rather than update existing instances; Replace end-of-life software and service versions with supported, maintained versions.
>Cross-Framework Mappings
NIST SP 800-53 r5
via NIST CSF 2.0 Concept CrosswalkISO 27001:2022
via NIST OLIR Catalog>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
AIS-04
AIS-05
AIS-07
CCC-04
CCC-09
DSP-02
TVM-03
TVM-04
+5 more
CIS Controls v8.0
2.2
2.3
CIS Controls v8.1
2.2
2.3
CRI Profile v2.0
PR.PS-02
PR.PS-02.01
PR.PS-02.02
PR.PS-02.03
CSF v1.1
PR.IP-12
PR.MA-2
ISO/IEC 27001:2022
Mandatory Clause: None
Annex A Controls: 5.9
NICE Framework
DD-WRL-001
DD-WRL-002
DD-WRL-005
DD-WRL-006
IO-WRL-005
IO-WRL-007
OG-WRL-013
PD-WRL-004
PCI DSS
6.3.3
6.3.1
6.3.2
12.3.4
SCF
MNT-01
MNT-02
MNT-03
MNT-03.1
PRM-07
SEA-07.1
TDA-17
VPM-01
+3 more
SP 800-171 Rev 3
03.14.01
SP 800-218
PO.5.2
SP 800-53 Rev 5.1.1
CM-11
MA-03(06)
SA-10(01)
SI-02
SI-07
SP 800-53 Rev 5.2.0
CM-11
MA-03(06)
SA-10(01)
SI-02
SI-07
Ask AI
Configure your API key to use AI features.