History
- Priority
- must
- 2017
- Security vulnerabilities in operating systems, applications, drivers and hardware devicesassessed as extreme risk must be patched or mitigated within 48 hours of the securityvulnerabilities being identified by vendors, independent 3rd parties, system owners or users.
- Control Text Changed. No public explaination.
- 2015
- Vulnerabilities in operating systems, applications, drivers and hardware devices assessed asextreme risk must be patched or mitigated within two days.
- 2010
- Agencies must apply all critical security patches as soon as possible.