| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
SI-2(3) |
FedRAMP_High_R4_SI-2(3) |
FedRAMP High SI-2 (3) |
System And Information Integrity |
Time To Remediate Flaws / Benchmarks For Corrective Actions |
Shared |
n/a |
The organization:
(a) Measures the time between flaw identification and flaw remediation; and
(b) Establishes [Assignment: organization-defined benchmarks] for taking corrective actions.
Supplemental Guidance: This control enhancement requires organizations to determine the current time it takes on the average to correct information system flaws after such flaws have been identified, and subsequently establish organizational benchmarks (i.e., time frames) for taking corrective actions. Benchmarks can be established by type of flaw and/or severity of the potential vulnerability if the flaw can be exploited. |
link |
2 |
| FedRAMP_Moderate_R4 |
SI-2(3) |
FedRAMP_Moderate_R4_SI-2(3) |
FedRAMP Moderate SI-2 (3) |
System And Information Integrity |
Time To Remediate Flaws / Benchmarks For Corrective Actions |
Shared |
n/a |
The organization:
(a) Measures the time between flaw identification and flaw remediation; and
(b) Establishes [Assignment: organization-defined benchmarks] for taking corrective actions.
Supplemental Guidance: This control enhancement requires organizations to determine the current time it takes on the average to correct information system flaws after such flaws have been identified, and subsequently establish organizational benchmarks (i.e., time frames) for taking corrective actions. Benchmarks can be established by type of flaw and/or severity of the potential vulnerability if the flaw can be exploited. |
link |
2 |
| hipaa |
0713.10m2Organizational.5-10.m |
hipaa-0713.10m2Organizational.5-10.m |
0713.10m2Organizational.5-10.m |
07 Vulnerability Management |
0713.10m2Organizational.5-10.m 10.06 Technical Vulnerability Management |
Shared |
n/a |
Patches are tested and evaluated before they are installed. |
|
5 |
| hipaa |
0787.10m2Organizational.14-10.m |
hipaa-0787.10m2Organizational.14-10.m |
0787.10m2Organizational.14-10.m |
07 Vulnerability Management |
0787.10m2Organizational.14-10.m 10.06 Technical Vulnerability Management |
Shared |
n/a |
Patches installed in the production environment are also installed in the organization's disaster recovery environment in a timely manner. |
|
4 |
| NIST_SP_800-53_R4 |
SI-2(3) |
NIST_SP_800-53_R4_SI-2(3) |
NIST SP 800-53 Rev. 4 SI-2 (3) |
System And Information Integrity |
Time To Remediate Flaws / Benchmarks For Corrective Actions |
Shared |
n/a |
The organization:
(a) Measures the time between flaw identification and flaw remediation; and
(b) Establishes [Assignment: organization-defined benchmarks] for taking corrective actions.
Supplemental Guidance: This control enhancement requires organizations to determine the current time it takes on the average to correct information system flaws after such flaws have been identified, and subsequently establish organizational benchmarks (i.e., time frames) for taking corrective actions. Benchmarks can be established by type of flaw and/or severity of the potential vulnerability if the flaw can be exploited. |
link |
2 |
| NIST_SP_800-53_R5 |
SI-2(3) |
NIST_SP_800-53_R5_SI-2(3) |
NIST SP 800-53 Rev. 5 SI-2 (3) |
System and Information Integrity |
Time to Remediate Flaws and Benchmarks for Corrective Actions |
Shared |
n/a |
(a) Measure the time between flaw identification and flaw remediation; and
(b) Establish the following benchmarks for taking corrective actions: [Assignment: organization-defined benchmarks]. |
link |
2 |