Patches, updates or other vendor mitigations for vulnerabilities in firmware are applied within 48 hours of release when vulnerabilities are assessed as critical by vendors or when working exploits exist.
Topic
When to patch vulnerabilities
Applicable to
all
History
Dec 2023
Patches, updates or other vendor mitigations for vulnerabilities in firmware are applied within 48 hours of release when vulnerabilities are assessed as critical by vendors or when working exploits exist.
The existing control relating to applying patches, updates or other vendor mitigations for vulnerabilities in drivers and firmware within 48 hours where vulnerabilities are assessed as critical by vendors or when working exploits exist was split into two separate controls. [ISM-1879, ISM-1903]