NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY

SI-2(2) Automated Flaw Remediation Status

Determine if system components have applicable security-relevant software and firmware updates installed using [Assignment: organization-defined automated mechanisms] [Assignment: organization-defined frequency].

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Automated mechanisms can track and determine the status of known flaws for system components.

Practitioner Notes

Automate the process of checking whether patches have been successfully applied so you do not rely on manual verification.

Example 1: Configure your vulnerability scanner (Nessus, ACAS, Qualys) to run automated scans after each patch cycle. The scanner compares installed patch levels against the expected baseline and flags any systems that are still missing required patches.

Example 2: Use Microsoft Defender for Endpoint's Threat and Vulnerability Management dashboard to continuously monitor patch status. The dashboard automatically identifies missing patches and scores your exposure, without waiting for a manual scan cycle.
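The baseline comparison described in Example 1, as an added sketch that is not part of the control text or any scanner's own code: it reports remediation status for every in-scope asset and treats hosts with no scan, or with a scan older than the patch cycle, as unverified rather than compliant. The host names, package names, versions, dates and the `remediation_status` function are constructed for illustration.

```python
from datetime import datetime, timezone

def vtuple(version):
    """Turn a dotted numeric version string into a comparable tuple."""
    return tuple(int(part) for part in version.split("."))

def remediation_status(assets, inventory, baseline, cycle_end):
    """Return {host: (status, details)} for every asset in scope."""
    report = {}
    for host in assets:
        record = inventory.get(host)
        if record is None:
            # In scope but never scanned: absence of findings is not evidence.
            report[host] = ("UNKNOWN", ["no scan data"])
            continue
        if record["scanned_at"] < cycle_end:
            # Scan predates the patch cycle, so it cannot confirm the patches.
            report[host] = ("STALE", ["last scan predates patch cycle"])
            continue
        missing = []
        for pkg, need in sorted(baseline.items()):
            have = record["packages"].get(pkg)
            if have is None:
                continue  # package not installed: the update is not applicable
            if vtuple(have) < vtuple(need):
                missing.append(f"{pkg} {have} < {need}")
        report[host] = ("MISSING", missing) if missing else ("CURRENT", [])
    return report

# Constructed sample data (hypothetical hosts, packages and versions).
CYCLE_END = datetime(2024, 5, 14, 22, 0, tzinfo=timezone.utc)
BASELINE = {"openssl": "3.0.13", "sudo": "1.9.15"}
ASSETS = ["web01", "web02", "db01", "build01"]
INVENTORY = {
    "web01": {"scanned_at": datetime(2024, 5, 15, 2, 0, tzinfo=timezone.utc),
              "packages": {"openssl": "3.0.13", "sudo": "1.9.15"}},
    "web02": {"scanned_at": datetime(2024, 5, 15, 2, 5, tzinfo=timezone.utc),
              "packages": {"openssl": "3.0.11"}},
    "db01": {"scanned_at": datetime(2024, 5, 10, 2, 0, tzinfo=timezone.utc),
             "packages": {"openssl": "3.0.13", "sudo": "1.9.15"}},
}

if __name__ == "__main__":
    results = remediation_status(ASSETS, INVENTORY, BASELINE, CYCLE_END)
    for host, (status, details) in results.items():
        print(f"{host:8} {status:8} {'; '.join(details)}")
```

Driving the loop from the asset list rather than from the scan results is what surfaces hosts the scanner never reached.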