
💼 SI-2 Flaw Remediation

Description

a. Identify, report, and correct system flaws;
b. Test software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation;
c. Install security-relevant software and firmware updates within [Assignment: organization-defined time period] of the release of the updates; and
d. Incorporate flaw remediation into the organizational configuration management process.

Similar

  • Sections
    • /frameworks/aws-fsbp-v1.0.0/auto-scaling/01
    • /frameworks/aws-fsbp-v1.0.0/dms/06
    • /frameworks/aws-fsbp-v1.0.0/ecs/10
    • /frameworks/aws-fsbp-v1.0.0/ecs/12
    • /frameworks/aws-fsbp-v1.0.0/eks/02
    • /frameworks/aws-fsbp-v1.0.0/elastic-beanstalk/01
    • /frameworks/aws-fsbp-v1.0.0/elastic-beanstalk/02
    • /frameworks/aws-fsbp-v1.0.0/elasticache/02
    • /frameworks/aws-fsbp-v1.0.0/lambda/02
    • /frameworks/aws-fsbp-v1.0.0/mq/03
    • /frameworks/aws-fsbp-v1.0.0/opensearch/10
    • /frameworks/aws-fsbp-v1.0.0/rds/06
    • /frameworks/aws-fsbp-v1.0.0/rds/13
    • /frameworks/aws-fsbp-v1.0.0/rds/19
    • /frameworks/aws-fsbp-v1.0.0/rds/20
    • /frameworks/aws-fsbp-v1.0.0/rds/21
    • /frameworks/aws-fsbp-v1.0.0/rds/22
    • /frameworks/aws-fsbp-v1.0.0/rds/35
    • /frameworks/aws-fsbp-v1.0.0/redshift/06
    • /frameworks/aws-fsbp-v1.0.0/ssm/02
  • Internal
    • ID: dec-c-92a003c3

Similar Sections (Take Policies From)

Section  Sub Sections  Internal Rules  Policies  Flags
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [AutoScaling.1] Auto Scaling groups associated with a load balancer should use ELB health checks  11
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DMS.6] DMS replication instances should have automatic minor version upgrade enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ECS.10] ECS Fargate services should run on the latest Fargate platform version
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ECS.12] ECS clusters should use Container Insights
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EKS.2] EKS clusters should run on a supported Kubernetes version
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ElasticBeanstalk.1] Elastic Beanstalk environments should have enhanced health reporting enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ElasticBeanstalk.2] Elastic Beanstalk managed platform updates should be enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ElastiCache.2] ElastiCache clusters should have automatic minor version upgrades enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Lambda.2] Lambda functions should use supported runtimes
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [MQ.3] Amazon MQ brokers should have automatic minor version upgrade enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Opensearch.10] OpenSearch domains should have the latest software update installed
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.6] Enhanced monitoring should be configured for RDS DB instances
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.13] RDS automatic minor version upgrades should be enabled  11
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.19] Existing RDS event notification subscriptions should be configured for critical cluster events
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.20] Existing RDS event notification subscriptions should be configured for critical database instance events
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.21] An RDS event notifications subscription should be configured for critical database parameter group events
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.22] An RDS event notifications subscription should be configured for critical database security group events
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.35] RDS DB clusters should have automatic minor version upgrade enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Redshift.6] Amazon Redshift should have automatic upgrades to major versions enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SSM.2] Amazon EC2 instances managed by Systems Manager should have a patch compliance status of COMPLIANT after a patch installation

Similar Sections (Give Policies To)

Section  Sub Sections  Internal Rules  Policies  Flags
💼 FedRAMP High Security Controls → 💼 SI-2 Flaw Remediation (L)(M)(H)  279
💼 FedRAMP Low Security Controls → 💼 SI-2 Flaw Remediation (L)(M)(H)  9
💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations  10
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties  23
💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities  24

Sub Sections

Section  Sub Sections  Internal Rules  Policies  Flags
💼 SI-2(1) Flaw Remediation _ Central Management
💼 SI-2(2) Flaw Remediation _ Automated Flaw Remediation Status  11
💼 SI-2(3) Flaw Remediation _ Time to Remediate Flaws and Benchmarks for Corrective Actions
💼 SI-2(4) Flaw Remediation _ Automated Patch Management Tools  1
💼 SI-2(5) Flaw Remediation _ Automatic Software and Firmware Updates  11
💼 SI-2(6) Flaw Remediation _ Removal of Previous Versions of Software and Firmware  55

Policies (2)

Policy  Logic Count  Flags
📝 AWS EC2 Auto Scaling Group behind ELB doesn't use ELB health check 🟒  1  🟒 x6
📝 AWS RDS Instance Auto Minor Version Upgrade is not enabled 🟠🟒  1  🟠 x1, 🟒 x6