The following color scheme will be used to describe expected timelines for applying most operating system and application patches.
-
Red = Drop everything and address situation (e.g., patch) immediately.
-
Orange = 24 hours or less
-
Yellow = 1 week (default unless escalated by IT Security Office, CIO, or IT LT Director)
-
Anything that needs to exceed a week is to be discussed with IT Security Office
Vendors and systems that provide patches on a schedule with frequency greater than monthly, e.g., Oracle, will have a schedule as agreed to by the unit involved and the Information Security office.