mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-17 05:05:16 +03:00
25 lines
1.1 KiB
Markdown
25 lines
1.1 KiB
Markdown
# Standards and References - Vulnerability Remediation SLA
|
|
|
|
## Regulatory SLA Requirements
|
|
- **PCI DSS v4.0 Req 6.3.3**: Address vulnerabilities by risk ranking (critical/high within 30 days)
|
|
- **CISA BOD 22-01**: Federal agencies must remediate KEV within specified timeframes
|
|
- **NIST SP 800-40 Rev 4**: Enterprise Patch Management Planning
|
|
- **SOX**: Timely remediation of IT control deficiencies
|
|
- **HIPAA**: Reasonable and appropriate security measures including patching
|
|
|
|
## Industry Benchmarks
|
|
| Severity | CISA BOD 22-01 | PCI DSS | CIS Benchmark | Best Practice |
|
|
|----------|---------------|---------|---------------|---------------|
|
|
| Critical | 14 days (KEV) | 30 days | 48 hours | 24-48 hours |
|
|
| High | N/A | 30 days | 7 days | 7-14 days |
|
|
| Medium | N/A | 90 days | 30 days | 30 days |
|
|
| Low | N/A | Next cycle | 90 days | 90 days |
|
|
|
|
## KPI Benchmarks (Industry Average)
|
|
| Metric | Average | Top Quartile | Best in Class |
|
|
|--------|---------|--------------|---------------|
|
|
| SLA Compliance | 65% | 85% | >95% |
|
|
| MTTR (Critical) | 15 days | 5 days | <2 days |
|
|
| MTTR (High) | 30 days | 14 days | <7 days |
|
|
| Vuln Backlog | 25% | 10% | <5% |
|