CMMC Practice SI.1.210: Identify, report, and correct information and information system flaws in a timely manner.
This two-part webinar from BrightTALK discusses key challenges and pitfalls most vulnerability management programs face.
This document provides assessment guidance for Level 1 of the Cybersecurity Maturity Model Certification (CMMC).
This NIST Special Publication is designed to provide guidelines for BIOS protections in server-class systems.
This NIST Special Publication is designed to provide a comprehensive set of security recommendations for the current landscape of the storage infrastructure.
This NIST Special Publication is designed to assist organizations in understanding the basics of enterprise patch management technologies.
The link below is an example from North Carolina State University of a Security Patching Standard.
This SANS whitepaper examines the role of project management in building a successful vulnerability management program.
This SANS whitepaper looks at how a vulnerability management process could be designed and implemented within an organization.
This SANS whitepaper presents one methodology for identifying, evaluating and applying security patches.
The primary focus of this slideshow is to educate administrators on the benefits of security patching, where to find information about patches, and how to deploy patches as they are needed.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
All software and firmware have potential flaws. Many vendors work to reduce those flaws by releasing vulnerability information and updates to their software and firmware. Organizations should have a process to review relevant vendor newsletters with updates about common problems or weaknesses. After reviewing the information, the organization should execute a process called patch management that allows for systems to be updated without adversely affecting the organization. Organizations should also purchase support from their vendors to ensure timely access to updates.