CMMC / NIST Patching Time Limits

old.reddit.com / @/u/IlIIIllIIIIII, https://old.reddit.com/user/IlIIIllIIIIII

I understand that determining limits depends largely on the business, understanding of the risk, business requirements, etc.

but my question is are limits defined anywhere in that a system must be patched by some certain time of discovering the vulnerability?

this is an extremely complex hill for us to climb as some systems are legacy and or proprietary. they are entirely closed off systems and have no access to the internet. in some cases some of these systems will never be patched, they will instead be replaced.

would help to understand any CMMC / NIST defined limits or best practices.

thanks

submitted by /u/IlIIIllIIIIII
[link] [comments]

published 4 days ago


Previous

Security Controls For Containers
published 5 days ago

Next

manufacturers: Does everyone in your org get an email/account, regardless of position?
published 3 days ago
See all items from the same source