Begin Main Content Area

L&I, Office of Information Technology Procedure


Name: Out of Band Patching Procedure
Effective Date: May 2017
Category: System Management
Version: 1.2

1. Scope:

This procedure applies to all Department of Labor & Industry (L&I) employees and business partners (hereinafter referred to collectively as “L&I Users”).

2. Procedure:

The procedure is implemented by Office of Information Technology (OIT) personnel in various bureaus.

  1. Security Patches

  2. Step Responsibility Action
    1. L&I CISO/ESC Report Critical/High vulnerabilities to IT Equipment administrators and system owners.
    2. L&I User Report within one (1) business day of receiving report in Step 1, the mitigation of the vulnerability, scheduled date for mitigation, or anticipated delivery of security vulnerability patches.
    3. L&I CISO/ESC Report to OA CISO all Critical/High vulnerabilities, planned mitigation, scheduled date of mitigation, and outstanding patches within two (2) business days of receiving the notice of the vulnerability.
    4. L&I CISO/ESC Report to OA CISO the completion of all Critical/High vulnerability mitigations.

3. References

L&I Policy Definitions Document
National Vulnerability Database
SYM-004 - System Maintenance Policy

4. Version Control

Version Date Purpose
1.1 04/2017 Base Document
1.2 05/2017 Updates based on policy changes