| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| FedRAMP_High_R4 | SI-2(2) | FedRAMP_High_R4_SI-2(2) | FedRAMP High SI-2 (2) | System And Information Integrity | Automated Flaw Remediation Status | Shared | n/a | The organization employs automated mechanisms [Assignment: organization-defined frequency] to determine the state of information system components with regard to flaw remediation. Supplemental Guidance: Related controls: CM-6, SI-4. | link | 2 |
| FedRAMP_Moderate_R4 | SI-2(2) | FedRAMP_Moderate_R4_SI-2(2) | FedRAMP Moderate SI-2 (2) | System And Information Integrity | Automated Flaw Remediation Status | Shared | n/a | The organization employs automated mechanisms [Assignment: organization-defined frequency] to determine the state of information system components with regard to flaw remediation. Supplemental Guidance: Related controls: CM-6, SI-4. | link | 2 |
| hipaa | 0713.10m2Organizational.5-10.m | hipaa-0713.10m2Organizational.5-10.m | 0713.10m2Organizational.5-10.m | 07 Vulnerability Management | 0713.10m2Organizational.5-10.m 10.06 Technical Vulnerability Management | Shared | n/a | Patches are tested and evaluated before they are installed. | | 5 |
| hipaa | 0718.10m3Organizational.34-10.m | hipaa-0718.10m3Organizational.34-10.m | 0718.10m3Organizational.34-10.m | 07 Vulnerability Management | 0718.10m3Organizational.34-10.m 10.06 Technical Vulnerability Management | Shared | n/a | The organization scans for vulnerabilities in the information system and hosted applications to determine the state of flaw remediation monthly (automatically), and again (manually or automatically) when new vulnerabilities potentially affecting the systems and networked environments are identified and reported. | | 4 |
| hipaa | 0787.10m2Organizational.14-10.m | hipaa-0787.10m2Organizational.14-10.m | 0787.10m2Organizational.14-10.m | 07 Vulnerability Management | 0787.10m2Organizational.14-10.m 10.06 Technical Vulnerability Management | Shared | n/a | Patches installed in the production environment are also installed in the organization's disaster recovery environment in a timely manner. | | 4 |
| hipaa | 1791.10a2Organizational.6-10.a | hipaa-1791.10a2Organizational.6-10.a | 1791.10a2Organizational.6-10.a | 17 Risk Management | 1791.10a2Organizational.6-10.a 10.01 Security Requirements of Information Systems | Shared | n/a | Specifications for the security control requirements state automated controls will be incorporated in the information system, supplemented by manual controls as needed, as evidenced throughout the SDLC. | | 5 |
| NIST_SP_800-53_R4 | SI-2(2) | NIST_SP_800-53_R4_SI-2(2) | NIST SP 800-53 Rev. 4 SI-2 (2) | System And Information Integrity | Automated Flaw Remediation Status | Shared | n/a | The organization employs automated mechanisms [Assignment: organization-defined frequency] to determine the state of information system components with regard to flaw remediation. Supplemental Guidance: Related controls: CM-6, SI-4. | link | 2 |
| NIST_SP_800-53_R5 | SI-2(2) | NIST_SP_800-53_R5_SI-2(2) | NIST SP 800-53 Rev. 5 SI-2 (2) | System and Information Integrity | Automated Flaw Remediation Status | Shared | n/a | Determine if system components have applicable security-relevant software and firmware updates installed using [Assignment: organization-defined automated mechanisms] [Assignment: organization-defined frequency]. | link | 2 |