๐ผ 3.4 All software on in-scope devices must be updated within 14 days of an update being released
- Contextual name: ๐ผ 3.4 All software on in-scope devices must be updated within 14 days of an update being released
- ID:
/frameworks/uk-cyber-essentials-v3.1/03/04 - Located in: ๐ผ 3 Security update management
Descriptionโ
All software on in-scope devices must be updated, including applying any manual configuration changes required to make the update effective, within 14 days* of an update being released, where:
- the update fixes vulnerabilities described by the vendor as โcriticalโ or โhigh riskโ
- the update addresses vulnerabilities with a CVSS v3 base score of 7 or above
- there are no details of the level of vulnerabilities the update fixes provided by the vendor Please note: For optimum security we strongly recommend (but itโs not mandatory) that all released updates are applied within 14 days of release.
Similarโ
- Internal
- ID:
dec-c-99ed2f86
- ID:
Sub Sectionsโ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|