OPS-22 Testing and Documentation of known Vulnerabilities

Control Description

System components in the area of responsibility of the Cloud Service Provider for the provision of the cloud service are automatically checked for known vulnerabilities at least once a month in accordance with the policies for handling vulnerabilities (cf. OPS-18), the severity is assessed in accordance with defined criteria and measures for timely remediation or mitigation are initiated within defined time windows.

Additional criteria: Available security patches are applied depending on the severity of the vulnerabilities, as determined based on the latest version of the Common Vulnerability Scoring System (CVSS):

• Critical (CVSS = 9.0 - 10.0): 3 hours;
• High (CVSS = 7.0 - 8.9): 3 days;
• Average (CVSS = 4.0 - 6.9): 1 month;
• Low (CVSS = 0.1 - 3.9): 3 months.
