L&I, Office of Information Technology Procedure
(PDF)
Name: |
Out of Band Patching Procedure |
Effective Date: |
May 2017 |
Category: |
System Management |
Version: |
1.2 |
1. Scope:
This procedure applies to all Department of Labor & Industry (L&I) employees and business partners (hereinafter referred to collectively as “L&I Users”).
2. Procedure:
The procedure is implemented by Office of Information Technology (OIT) personnel in various bureaus.
- Security Patches
Step |
Responsibility |
Action |
1. |
L&I CISO/ESC |
Report Critical/High vulnerabilities to IT Equipment administrators and system owners. |
2. |
L&I User |
Report within one (1) business day of receiving report in Step 1, the mitigation of the vulnerability, scheduled date for mitigation, or anticipated delivery of security vulnerability patches. |
3. |
L&I CISO/ESC |
Report to OA CISO all Critical/High vulnerabilities, planned mitigation, scheduled date of mitigation, and outstanding patches within two (2) business days of receiving the notice of the vulnerability. |
4. |
L&I CISO/ESC |
Report to OA CISO the completion of all Critical/High vulnerability mitigations. |
3. References
4. Version Control
Version |
Date |
Purpose |
1.1 |
04/2017 |
Base Document |
1.2 |
05/2017 |
Updates based on policy changes |