Description
Applicability
-
The information resource owner, or designee, is responsible for ensuring that all requirements of this Control are satisfied.
Implementation
-
The university is responsible for:
-
1
Identifying, reporting, and correcting information resource security flaws as described in RA-5.
-
2
Testing software and firmware updates related to security flaw remediation for effectiveness and potential side effects before installation as described in CM-1.
-
3
Installing security-relevant software and firmware updates within timelines as specified in CM-1.
-
4
Incorporating security flaw remediation into the unit’s configuration management process (CM-3).