VPM-05.7: Out-of-Cycle Patching

VPM-05.7 · Out-of-Cycle Patching

Control Description

Mechanisms exist to perform out-of-cycle software and/or firmware updates to address time-sensitive remediations.

Control Question

Assessment question for control validation

Does the organization perform out-of-cycle software and/or firmware updates to address time-sensitive remediations?

Control Weighting

Validation Cadence

Annual

NIST CSF Function

Protect

Supply Chain Risk Management (SCRM) Tiers

Applicable SCRM tier levels for this control

Tier 2 - Operational

Tier 3 - Tactical

Additional Metadata

Applicability (Process):