Description
a. Replace system components when support for the components is no longer available from the developer, vendor, or manufacturer; or b. Provide the following options for alternative sources for continued support for unsupported components [Selection (one or more): in-house support; [Assignment: organization-defined support from external providers]].
Supplemental Guidance
Support for system components includes software patches, firmware updates, replacement parts, and maintenance contracts. An example of unsupported components includes when vendors no longer provide critical software patches or updates for their products. Unsupported components can create security vulnerabilities. Policies may be developed to eliminate the use of unsupported system components.
Changes from Rev 4
New control in Rev 5.
MITRE ATT&CK Techniques (6)
ATT&CK v16.1Techniques mitigated by this control, mapped via CTID.