SI-2(3)

  • Requirement

    1. Measure the time between flaw identification and flaw remediation; and
    2. Establish the following benchmarks for taking corrective actions: [Assignment: organization-defined benchmarks].
  • Discussion

    Organizations determine the time it takes on average to correct system flaws after such flaws have been identified and subsequently establish organizational benchmarks (i.e., time frames) for taking corrective actions. Benchmarks can be established by the type of flaw or the severity of the potential vulnerability if the flaw can be exploited.

More Info

  • Title

    Flaw Remediation | Time to Remediate Flaws and Benchmarks for Corrective Actions
  • Family

    System and Information Integrity
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!