Controls

Version

SB.1.008 Patch management

Asset Management
Low
Low
Low
System Owner
v2.0 (Q1 2024)

Description

Available patches and/or security fixes are installed in compliance with set and approved policies (including those for operating systems, databases and installed applications) and recommendations of CERT and/or suppliers.

Specification

Only supported services can be used. End-of-Life or End-of-Support software is not allowed.

All software is tested and installed according to a documented and defined patch cycle.

Patching takes place in accordance with the change management process.

Unpatched systems will be treated in accordance with the vulnerability management process. Use CVSS scores to determine the criticality of the required patch.

Patches, including critical security updates, are installed as soon as possible. Critical security updates should be applied within 72 hours at the latest.