Standards Group:
YALE-MSS-6: Patching
YALE-MSS-6.1: Apply security patches regularly
Low Risk Endpoint
Required
Moderate Risk Endpoint
Required
High Risk Endpoint
Required
Low Risk Server
Required
Moderate Risk Server
Required
High Risk Server
Required
Low Risk Mobile Device
Required
Moderate Risk Mobile Device
Required
High Risk Mobile Device
Required
Low Risk Network Printer
Required
Moderate Risk Network Printer
Required
High Risk Network Printer
Required
Details
Timely patching is critical to safeguarding the security of IT Systems and data. This includes patching your:
- Operating systems
- Supporting software
- Applications
Patch your systems at least every 30 days.
- Vendors managing Yale IT Systems or Yale Data must meet these patching requirements.
- If you use containers like Docker, you must meet these patching requirements. This means rebuilding and redeploying with up-to-date software every 30 days.
Some vulnerabilities need an emergency response in patching in less than 30 days. See Yale-MSS-6.1.1 for requirements on patching based on severity and exposure.