SI-14(1)
-
Requirement
Obtain software and data employed during system component and service refreshes from the following trusted sources: [Assignment: organization-defined trusted sources].
-
Discussion
Trusted sources include software and data from write-once, read-only media or from selected offline secure storage facilities.
NIST 800-53A Assessment Guidance
CMMC Training
Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!