Reporting Requirements
Per NIST SP 800-53, “The need to remediate system flaws applies to all types of software and firmware. Organizations identify systems affected by software flaws, including potential vulnerabilities resulting from those flaws, and report this information to designated organizational personnel with information security and privacy responsibilities.”
Specifically, Per SI-2 of NIST SP 800-53, organizations are to “a. Identify, report, and correct system flaws; b. Test software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation; c. Install security-relevant software and firmware updates…of the release of the updates; and d. Incorporate flaw remediation into the organizational configuration management process.”
Specifically, Per SI-2 of NIST SP 800-53, organizations are to “a. Identify, report, and correct system flaws; b. Test software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation; c. Install security-relevant software and firmware updates…of the release of the updates; and d. Incorporate flaw remediation into the organizational configuration management process.”
How to Get Started
Start by downloading our world-class NIST RMF Security and Privacy Policies and Procedures templates at the Arlington Security Portal (ASP).
