NIST SP 800-171 & CMMC 2.0 Control 3.14.1 Requirement:

Identify, report, and correct information and information system flaws in a timely manner.

NIST SP 800-171 & CMMC 2.0 3.14.1 Requirement Explanation:

All software and firmware have potential flaws. Information system flaws generally refer to security vulnerabilities in software and operating systems. Hackers can exploit software vulnerabilities to access your systems and data. Software vendors work to remedy those flaws by releasing vulnerability information and updates to their software. Install software security updates to remediate vulnerabilities.

Example NIST SP 800-171 & CMMC 2.0 3.14.1 Implementation:

Identify systems that are missing security updates. This includes your workstations, servers, and network devices. Install the missing updates onto the identified systems. Going forward, install security updates when they released. It is always a good idea to test updates before deploying them to all your systems. You must have a process to review relevant vendor notifications and updates about vulnerabilities. After reviewing the information, the you must implement a patch management process to remediate the vulnerabilities. You must define the time frames within which flaws are identified, reported, and corrected for all systems.

NIST SP 800-171 & CMMC 2.0 3.14.1 Scenario(s):

- Scenario 1:

A hacker announced that he discovered a vulnerability in Microsoft Windows 10. Several days later Microsoft releases a Windows security update to remediate the vulnerability. You instal the security updates on your Windows 10 systems to remediate the vulnerability.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.