...
Information resources having security vulnerabilities with a CVSS score greater than 6.9 ("High or "Critical" severity) identified as critical must be remediated within 30 days or they will be isolated from external access and removed from the network.
False positive results from the system will be documented within the vulnerability management system.
...
Date | Version | Description | Approval |
|---|---|---|---|
| 1.0 | Original Document | Draft |
| 1.0 | Modifications | Ready for Review |
1.0 | CISO Approved | Approved | |
1.1 | Modified for HIPAA Compliance | Approved | |
1.2 | Removed reference to CVSS score | Approved |