History

Priority

Must

Nov 2018

Security vulnerabilities in operating systems and firmware assessed as extreme risk are patched, updated or mitigated within 48 hours of the security vulnerabilities being identified by vendors, independent third parties, system managers or users.

Added to address a gap in guidance on operating system and firmware patching.