{"id":1882,"date":"2024-08-27T16:17:08","date_gmt":"2024-08-27T16:17:08","guid":{"rendered":"https:\/\/www.tarleton.edu\/security-controls-catalog\/?page_id=1882"},"modified":"2024-09-04T18:23:22","modified_gmt":"2024-09-04T18:23:22","slug":"si-2-flaw-remediation","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/system-and-information-integrity-si\/si-2-flaw-remediation\/","title":{"rendered":"SI-2: Flaw Remediation"},"content":{"rendered":"\n<h1 class=\"wp-block-heading has-large-font-size\">SI-2: Flaw Remediation<\/h1>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>NIST Baseline: <\/strong>Low&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>DIR Required By:<\/strong> &nbsp;01\/20\/2023&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Review Date: \u00a0<\/strong>08\/22\/2024\u00a0<\/h2>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>Information resource custodians, in coordination with information resource owners, are responsible for:&nbsp;\n<ul class=\"wp-block-list\">\n<li>Identifying, reporting, and correcting information resource security flaws as described in <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/incident-response-ir\/ir-6-incident-reporting\/\">Control IR-6, Incident Reporting<\/a>, and <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/risk-assessment-ra\/ra-5-vulnerability-monitoring-and-scanning\/\">Control RA-5, Vulnerability Monitoring and Scanning<\/a>; \u00a0<\/li>\n\n\n\n<li>Testing software and firmware updates related to security flaw remediation for effectiveness and potential side effects before installation as described in <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/configuration-management-cm\/cm-3-configuration-change-control\/\">Control CM-3, 
Configuration Change Control<\/a>, and <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/configuration-management-cm\/cm-32-testing-validation-and-documentation-of-changes\/\">Control CM-3(2), Testing, Validation, and Documentation of Changes<\/a>;\u00a0<\/li>\n\n\n\n<li>Installing security-relevant software and firmware updates within timelines as specified in <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/maintenance-ma\/ma-1-maintenance-policy-and-procedures\/\">Control MA-1, Maintenance &#8211; Policy and Procedures<\/a>, and <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/maintenance-ma\/ma-2-controlled-maintenance\/\">Control MA-2, Controlled Maintenance<\/a>; and \u00a0<\/li>\n\n\n\n<li>Incorporating security flaw remediation into the configuration management process as specified in <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/configuration-management-cm\/cm-3-configuration-change-control\/\">Control CM-3, Configuration Change Control<\/a>.\u00a0<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><strong>References\/Additional Resources<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/www.federalregister.gov\/documents\/2016\/07\/28\/2016-17872\/revision-of-omb-circular-no-a-130-managing-information-as-a-strategic-resource\" target=\"_blank\" rel=\"noreferrer noopener\">OMB A-130<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/csrc.nist.gov\/pubs\/fips\/140-3\/final\" target=\"_blank\" rel=\"noreferrer noopener\">FIPS 140-3<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/csrc.nist.gov\/pubs\/fips\/186-5\/final\" target=\"_blank\" rel=\"noreferrer noopener\">FIPS 186-5<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/csrc.nist.gov\/pubs\/sp\/800\/39\/final\" target=\"_blank\" 
rel=\"noreferrer noopener\">SP 800-39<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/csrc.nist.gov\/pubs\/sp\/800\/40\/r4\/final\" target=\"_blank\" rel=\"noreferrer noopener\">SP 800-40<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/csrc.nist.gov\/pubs\/sp\/800\/128\/upd1\/final\" target=\"_blank\" rel=\"noreferrer noopener\">SP 800-128<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/csrc.nist.gov\/pubs\/ir\/7788\/final\" target=\"_blank\" rel=\"noreferrer noopener\">IR 7788<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>SI-2: Flaw Remediation NIST Baseline: Low&nbsp; DIR Required By: &nbsp;01\/20\/2023&nbsp; Review Date: \u00a008\/22\/2024\u00a0 References\/Additional Resources OMB A-130&nbsp; FIPS 140-3&nbsp; FIPS 186-5&nbsp; SP 800-39&nbsp; SP 800-40&nbsp; SP 800-128&nbsp; IR 7788&nbsp;<\/p>\n","protected":false},"author":1,"featured_media":580,"parent":1981,"menu_order":2,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-1882","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/author\/brian-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-3\/","display_name":"brian"},"relative_dates":{"created":"Posted 2 years ago","modified":"Updated 2 years ago"},"absolute_dates":{"created":"Posted on August 27, 2024","modified":"Updated on September 4, 2024"},"absolute_dates_time":{"created":"Posted on August 27, 2024 4:17 pm","modified":"Updated on September 4, 2024 6:23 
pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1882","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/comments?post=1882"}],"version-history":[{"count":0,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1882\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1981"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/media?parent=1882"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}