STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← SI-2 (2) — Automated Flaw Remediation Status

CCI-001233

Definition

The organization employs automated mechanisms on an organization-defined frequency to determine the state of information system components with regard to flaw remediation.

Parent Control

SI-2 (2)Automated Flaw Remediation StatusSystem and Information Integrity

Linked STIG Checks (11)

V-252446CAT IIThe macOS system must utilize an ESS solution and implement all DoD required modules.Apple macOS 12 (Monterey) Security Technical Implementation GuideV-257152CAT IIThe macOS system must use an Endpoint Security Solution (ESS) and implement all DOD required modules.Apple macOS 13 (Ventura) Security Technical Implementation GuideV-219159CAT IIThe Ubuntu operating system must deploy Endpoint Security for Linux Threat Prevention (ENSLTP).Canonical Ubuntu 18.04 LTS Security Technical Implementation GuideV-220701CAT IIWindows 10 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where ESS is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).Microsoft Windows 10 Security Technical Implementation GuideV-224847CAT IIWindows Server 2016 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where Endpoint Security Solution (ESS) is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).Microsoft Windows Server 2016 Security Technical Implementation GuideV-22589CAT IIIThe system package management tool must not automatically obtain updates.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation GuideV-241000CAT IIFlaw remediation Tanium applications must employ automated mechanisms to determine the state of information system components with regard to flaw remediation using the following frequency: continuously, where HBSS is used; 30 days, for any additional internal network scans not covered by HBSS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).Tanium 7.0 Security Technical Implementation GuideV-234060CAT IIFlaw remediation Tanium applications must employ automated mechanisms to determine the state of information system components with regard to flaw remediation using the following frequency: continuously, where HBSS is used; 30 days, for any additional internal network scans not covered by HBSS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).Tanium 7.3 Security Technical Implementation GuideV-73281CAT IIWindows Server 2016 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where Host Based Security System (HBSS) is used; 30 days, for any additional internal network scans not covered by HBSS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).Windows Server 2016 Security Technical Implementation GuideV-73281CAT IIWindows Server 2016 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where Host Based Security System (HBSS) is used; 30 days, for any additional internal network scans not covered by HBSS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).Windows Server 2016 Security Technical Implementation GuideV-93567CAT IIWindows Server 2019 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where Host Based Security System (HBSS) is used; 30 days, for any additional internal network scans not covered by HBSS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).Windows Server 2019 Security Technical Implementation Guide