Vulnerability and Patch Management

Last updated on June 7, 2021

Organizations should ensure Operating System (OS) and application levels are current. This is necessary to ensure vulnerabilities are patched. Additionally, a Vulnerability Management (VM) & Patching program should be executed to ensure vulnerability scans are performed and system patches are applied on a timely basis.

Expert Opinion - Vulnerability Management

Control Objective

Policy is documented, approved, followed, reviewed, and updated regularly
Scans to be performed prior to & following production launch
Systems must be patched regularly to ensure current OS and application levels
Vulnerability assessments are regularly conducted as part of a program and vulnerabilities must be rated according to criticality
High and critical vulnerabilities must be remediated through patching, decommission, or compensating controls

Resources

OCIO Patch Standard v2.2 (last updated Feb 18, 2021)

Did you find what you were looking for?

The B.C. Public Service acknowledges the territories of First Nations around B.C. and is grateful to carry out our work on these lands. We acknowledge the rights, interests, priorities, and concerns of all Indigenous Peoples - First Nations, Métis, and Inuit - respecting and acknowledging their distinct cultures, histories, rights, laws, and governments.

More topics

Vulnerability and Patch Management

Expert Opinion - Vulnerability Management

Control Objective

Resources