← Back to catalog
SI-2(3)

Time to Remediate Flaws and Benchmarks for Corrective Actions

System and Information Integrity (SI)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Measure the time between flaw identification and flaw remediation; and Establish the following benchmarks for taking corrective actions: [assignment].

Discussion

Organizations determine the time it takes on average to correct system flaws after such flaws have been identified and subsequently establish organizational benchmarks (i.e., time frames) for taking corrective actions. Benchmarks can be established by the type of flaw or the severity of the potential vulnerability if the flaw can be exploited.

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.