Document Name: NCSA Vulnerability Management Policy
Version: 1.12
Accountable: Alex Withers CISO (James Eyrich)
Authors: Alex Withers

Reviewed: Mar 27August 22, 20272023
Approved: pending IIB approval   IIB approved April 6, 2023

Scope and Purpose

This standard applies to all systems and networks within NCSA's control and ownership where there is not a more specific system-level standard. Exceptions can be requested for devices that cannot be scanned or updated. Note that for end-of-life or end-of-support operating systems (OS), an exception must include a concrete plan for an OS upgrade or decommissioning. NCSA policy requires all systems to have a plan to identify and remediate security vulnerabilities.

...

Standard patches are performed during regular quarterly outages scheduled outages which occur at least twice a year and include basic OS updates (including security patches) and other updates from vendors. A full vulnerability scan is performed again after any planned maintenance (PM). 

...