Patch Management. i. All workstations, laptops and other systems, which process and/or store PII, must have critical security patches applied, with system reboot if necessary. ii. There must be a documented patch management process that determines installation timeframe based on risk assessment and vendor recommendations. iii. At a maximum, all applicable patches deemed as critical must be installed within thirty (30) days of vendor release. It is recommended that critical patches which are high risk be installed within seven (7) days. iv. Applications and systems that cannot be patched within this time frame, due to significant operational reasons, must have compensatory controls implemented to minimize risk.
Appears in 21 contracts
Sources: Contract for Family Resource Center Services, Contract for the Provision of Bringing Families Home Services, Contract for the Provision of Bridge Program Child Care Navigator, Trauma Informed Training and Coaching, and Emergency Child Care Voucher Services
Patch Management. i. All workstations, laptops and other systems, which systems that process and/or store PII, Department PHI or PI must have critical security patches applied, with system reboot if necessary.
ii. There must be a documented patch management process that which determines installation timeframe based on risk assessment and vendor recommendations.
iii. At a maximum, all applicable patches deemed as critical must be installed within thirty (30) 30 days of vendor release. It is recommended that critical patches which are high risk be installed within seven (7) days.
iv. Applications and systems that cannot be patched within this time frame, frame due to significant operational reasons, reasons must have compensatory controls implemented to minimize risk until the patches can be installed. Applications and systems that cannot be patched must have compensatory controls implemented to minimize risk, where possible.
Appears in 11 contracts
Sources: Privacy and Information Security Provisions, Standard Agreement, Privacy and Information Security Provisions
Patch Management. i. 1. All workstations, laptops and other systems, which process and/or store PII, must have critical security patches applied, with system reboot if necessary.
ii2. There must be a documented patch management process that determines installation timeframe based on risk assessment and vendor recommendations.
iii3. At a maximum, all applicable patches deemed as critical must be installed within thirty (30) days of vendor release. It is recommended that critical patches which are high risk be installed within seven (7) days.
iv4. Applications and systems that cannot be patched within this time frame, due to significant operational reasons, must have compensatory controls implemented to minimize risk.
Appears in 6 contracts
Sources: Subrecipient Agreement, Service Agreement, Grant Agreement
Patch Management. i. 1. All workstations, laptops and other systems, which process and/or store PII, must shall have critical security patches applied, with system reboot if necessary.
ii2. There must shall be a documented patch management process that determines installation timeframe based on risk assessment and vendor recommendations.
iii3. At a maximum, all applicable patches deemed as critical must shall be installed within thirty (30) days of vendor release. It is recommended that critical patches which are high risk be installed within seven (7) days.
iv4. Applications and systems that cannot be patched within this time frame, due to significant operational reasons, must shall have compensatory controls implemented to minimize risk.
Appears in 4 contracts
Sources: Privacy and Security Agreement, Data Privacy & Security, Data Sharing Agreement
Patch Management. i. All workstations, laptops and other systems, which process and/or store Medi-Cal PII, must have critical security patches applied, with system reboot if necessary.
ii. There must be a documented patch management process that determines installation timeframe based on risk assessment and vendor recommendations.
iii. At a maximum, all applicable patches deemed as critical high risk must be installed within thirty (30) 30 days of vendor release. It is recommended that critical patches which are high risk be installed within seven (7) days.
iv. Applications and systems that cannot be patched within this time frame, due to significant operational reasons, must have compensatory controls implemented to minimize risk.
Appears in 4 contracts
Sources: Medi Cal Privacy and Security Agreement, Memorandum of Understanding, Memorandum of Understanding
Patch Management. i. 1. All workstations, laptops and other systems, which process and/or store PII, must shall have critical security patches applied, with system reboot if necessary.
ii2. There must shall be a documented patch management process that determines installation timeframe based on risk assessment and vendor recommendations.
iii3. At a maximum, all applicable patches deemed as critical must shall be installed within thirty (30) days of vendor release. It is recommended that critical patches which are high risk be installed within seven (7) days.
iv4. Applications and systems that cannot be patched within this time frame, due to significant operational reasons, must shall have compensatory controls implemented to minimize riskrisk .
Appears in 2 contracts
Sources: Privacy and Security Agreement, Privacy and Security Agreement
Patch Management. i. 1. All workstations, laptops and other systems, which process and/or store Medi-Cal PII, must shall have critical security patches applied, with system reboot if necessary.
ii2. There must shall be a documented patch management process that determines installation timeframe based on risk assessment and vendor recommendations.
iii3. At a maximum, all applicable patches deemed as critical must shall be installed within thirty (30) 30 days of vendor release. It is recommended that critical patches which are high risk be installed within seven (7) 7 days.
iv4. Applications and systems that cannot be patched within this time frame, due to significant operational reasons, must shall have compensatory controls implemented to minimize risk.
Appears in 2 contracts
Sources: Medi Cal Privacy and Security Agreement, Medi Cal Privacy and Security Agreement
Patch Management. i. 1. All workstations, laptops and other systems, which process and/or store Medi-Cal PII, must have critical security patches applied, with system reboot if necessary.
ii2. There must be a documented patch management process that determines installation timeframe based on risk assessment and vendor recommendations.
iii3. At a maximum, all applicable patches deemed as critical must be installed within thirty (30) 30 days of vendor release. It is recommended that critical patches which are high risk be installed within seven (7) days.
iv4. Applications and systems that cannot be patched within this time frame, due to significant operational reasons, must have compensatory controls implemented to minimize risk.
Appears in 2 contracts
Sources: Medi Cal Privacy and Security Agreement, Medi Cal Privacy and Security Agreement
Patch Management. i. 1. All workstations, laptops and other systems, which process and/or store Medi-Cal PII, must have critical security patches applied, with system reboot if necessary.
ii2. There must be a documented patch management process that determines installation timeframe based on risk assessment and vendor recommendations.
iii3. At a maximum, all applicable patches deemed as critical must be installed within thirty (30) days of vendor release. It is recommended that critical patches which are high risk be installed within seven (7) days.
iv4. Applications and systems that cannot be patched within this time frame, due to significant operational reasons, must have compensatory controls implemented to minimize risk.
Appears in 1 contract
Patch Management. i. 1. All workstations, laptops and other systems, which process and/or store Medi-Cal PII, must mustshall have critical security patches applied, with system reboot if necessary.
ii2. There must mustshall be a documented patch management process that determines installation timeframe based on risk assessment and vendor recommendations.
iii3. At a maximum, all applicable patches deemed as critical must mustshall be installed within thirty (30) 30 days of vendor release. It is recommended that critical patches which are high risk be installed within seven (7) seven7 days.
iv4. Applications and systems that cannot be patched within this time frame, due to significant operational reasons, must mustshall have compensatory controls implemented to minimize risk.
Appears in 1 contract