ER-30 Pre-Kickoff - Patching and Vulnerability Management and System Monitoring Policy

Written by Claudio Morsella
Updated over a year ago

What to Provide

Policy or policies for vulnerability management, patching, and monitoring.

Ensure that your policy includes:

  • How often you perform vulnerability scans

  • What types of vulnerability scans you perform

  • How you apply patches

  • Timeline of remediation for vulnerabilities based on criticality

  • A requirement that your policy be reviewed annually

Evidence Format
Exported word processing document in a common file type such as .docx or .pdf.

Associated Unified Control ID: CTRL-652

Associated Framework Control: LCL-26
