mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-05 23:38:57 +03:00
1.3 KiB
1.3 KiB
Standards and References - Vulnerability Aging and SLA Tracking
Industry Standards
- NIST SP 800-40 Rev 4: Guide to Enterprise Patch Management Planning
- CIS Controls v8.1 Control 7: Continuous Vulnerability Management
- PCI DSS v4.0 Req 6.3.3: Security patches installed within one month
- BOD 22-01: CISA remediation timelines for KEV vulnerabilities
- ISO 27001:2022 A.8.8: Management of technical vulnerabilities
SLA Benchmark References
- Tenable SLA Remediation: https://docs.tenable.com/cyber-exposure-studies/cyber-exposure-insurance/Content/SLARemediation.htm
- Nucleus Security SLA Guide: https://nucleussec.com/blog/how-to-define-vulnerability-remediation-slas-shortcuts-2/
- Phoenix Security SLA Framework: https://phoenix.security/vulnerability-timelines-sla-measurement-and-prioritization/
Industry SLA Benchmarks
| Source | Critical | High | Medium | Low |
|---|---|---|---|---|
| CISA BOD 22-01 | 2 weeks | N/A | N/A | N/A |
| PCI DSS | 30 days | 30 days | 90 days | 90 days |
| Industry Average | 14 days | 30 days | 60 days | 90 days |
| Aggressive Target | 48 hours | 7 days | 30 days | 60 days |
Vulnerability Statistics (2024)
- Total new CVEs published: 30,000+
- Year-over-year increase: 17%
- Average MTTR across industries: ~60 days
- Top-performing organizations MTTR: < 15 days for critical