History

Priority

Must

Nov 2018

Security vulnerabilities in operating systems and firmware assessed as high risk are patched, updated or mitigated within two weeks of the security vulnerability being identified by vendors, independent third parties, system managers or users.

Added to address a gap in guidance on operating system and firmware patching.