CMMC Practice SI.1.210: Identify, report, and correct information and information system flaws in a timely manner.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
All software and firmware have potential flaws. Many vendors work to reduce those flaws by releasing vulnerability information and updates to their software and firmware. Organizations should have a process to review relevant vendor newsletters with updates about common problems or weaknesses. After reviewing the information, the organization should execute a process called patch management that allows for systems to be updated without adversely affecting the organization. Organizations should also purchase support from their vendors to ensure timely access to updates.