An Arlington Brief
Flaw Remediation (Patch Management) Policy and Procedures
A Must for Federal Compliance Reporting
Overview
A strict requirement for federal contractors providing essential services to federal agencies is developing a wide range of information security and privacy controls. Whatever the compliance mandate imposed upon federal contractors - FISMA, FedRAMP, eMASS RMF, DFARS NIST 800-171, CMMC, and more - information security and privacy policies and procedures are a must. Additionally, such documentation must be developed in accordance with none other than NIST SP 800-53, the unquestioned framework that’s been adopted by federal agencies - and federal contractors - since 2005.
Arlington Security Portal
Get access to 100+ NIST RMF security and privacy policies & procedures, programs, and plan templates.
Reporting Requirements
Per NIST SP 800-53, “The need to remediate system flaws applies to all types of software and firmware. Organizations identify systems affected by software flaws, including potential vulnerabilities resulting from those flaws, and report this information to designated organizational personnel with information security and privacy responsibilities.”
Specifically, per SI-2 of NIST SP 800-53, organizations are to “a. Identify, report, and correct system flaws; b. Test software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation; c. Install security-relevant software and firmware updates…of the release of the updates; and d. Incorporate flaw remediation into the organizational configuration management process.”
How to Get Started
Start by downloading our world-class NIST RMF Security and Privacy Policies and Procedures templates at the Arlington Security Portal (ASP).
Arlington Can Help
We have years of experience working within the broader federal agency apparatus, helping federal contractors develop high-quality, well-written policies and procedures and additional NIST RMF information security and privacy materials. Our NIST RMF information security and privacy policies, procedures, programs, and plans have been used by thousands of federal contractors to develop customized documentation for their growing security and compliance needs.