CMMC Practice Requirement:

Identify, report, and correct information and information system flaws in a timely manner.

CMMC Requirement Explanation:

Information system flaws generally refer to security vulnerabilities in software and operating systems. Hackers can exploit software vulnerabilities to access your systems and data. Install software security updates to remediate vulnerabilities.

Example CMMC Implementation:

Identify your systems that are missing security updates. This includes your workstations, servers, and network devices. Install the missing updates onto the identified systems. Going forward, install security updates when they are released. It is always a good idea to test updates before deploying them to all your systems.
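One way to carry out the "identify" step on a Windows workstation or server is shown below. This is an added example, not part of the original guidance. It uses the Windows Update Agent COM API, and the function name `Get-MissingSecurityUpdate` and the report path are assumptions chosen for illustration.

```powershell
# Added example: report security updates that the Windows Update Agent
# lists as applicable but not yet installed on this machine.
# The search runs against whatever update source the machine is
# configured to use (Microsoft Update or an internal WSUS server).
function Get-MissingSecurityUpdate {   # hypothetical helper name
    [CmdletBinding()]
    param()

    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()

    # Not installed, not hidden by an administrator, software only (no drivers).
    $result = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")

    foreach ($update in $result.Updates) {
        $categories = @($update.Categories | ForEach-Object { $_.Name })

        # Keep updates classified as security updates, plus anything
        # carrying an MSRC severity rating.
        if ($categories -contains 'Security Updates' -or $update.MsrcSeverity) {
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                KB       = ($update.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
                Severity = if ($update.MsrcSeverity) { $update.MsrcSeverity } else { 'Unspecified' }
                Title    = $update.Title
            }
        }
    }
}

$missing = @(Get-MissingSecurityUpdate)

if ($missing.Count -eq 0) {
    Write-Output "$env:COMPUTERNAME: no missing security updates found."
} else {
    # Save a dated report (assumed path) so the finding and its later
    # correction can be shown as evidence for this practice.
    $report = Join-Path $env:TEMP ("missing-updates-{0:yyyyMMdd}.csv" -f (Get-Date))
    $missing | Sort-Object Severity, KB | Export-Csv -Path $report -NoTypeInformation
    $missing | Sort-Object Severity, KB | Format-Table -AutoSize
    Write-Output "Report written to $report"
}
```

Network devices are not covered by this check and need their vendor's own firmware and advisory process.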

Scenario(s):

- Scenario 1:

Example:

A hacker announced that he discovered a vulnerability in Microsoft Windows 10. Several days later, Microsoft released a Windows security update to remediate the vulnerability. Alice installs the security update on her Windows 10 systems. Alice's systems cannot be exploited through the new vulnerability.
This Windows 10 system downloads and installs updates upon release by Microsoft.
