PR.PS-02: Software is maintained, replaced, and removed commensurate with risk
Implementation Examples
Ex1: Perform routine and emergency patching within the timeframes specified in the vulnerability management plan
Ex2: Update container images, and deploy new container instances to replace rather than update existing instances
Ex3: Replace end-of-life software and service versions with supported, maintained versions
Ex4: Uninstall and remove unauthorized software and services that pose undue risks
Ex5: Uninstall and remove any unnecessary software components (e.g., operating system utilities) that attackers might misuse
Ex6: Define and implement plans for software and service end-of-life maintenance support and obsolescence