mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-16 12:45:17 +03:00
28 lines
1.3 KiB
Markdown
28 lines
1.3 KiB
Markdown
# Standards and References - Vulnerability Aging and SLA Tracking
|
|
|
|
## Industry Standards
|
|
- **NIST SP 800-40 Rev 4**: Guide to Enterprise Patch Management Planning
|
|
- **CIS Controls v8.1 Control 7**: Continuous Vulnerability Management
|
|
- **PCI DSS v4.0 Req 6.3.3**: Security patches installed within one month
|
|
- **BOD 22-01**: CISA remediation timelines for KEV vulnerabilities
|
|
- **ISO 27001:2022 A.8.8**: Management of technical vulnerabilities
|
|
|
|
## SLA Benchmark References
|
|
- Tenable SLA Remediation: https://docs.tenable.com/cyber-exposure-studies/cyber-exposure-insurance/Content/SLARemediation.htm
|
|
- Nucleus Security SLA Guide: https://nucleussec.com/blog/how-to-define-vulnerability-remediation-slas-shortcuts-2/
|
|
- Phoenix Security SLA Framework: https://phoenix.security/vulnerability-timelines-sla-measurement-and-prioritization/
|
|
|
|
## Industry SLA Benchmarks
|
|
| Source | Critical | High | Medium | Low |
|
|
|--------|----------|------|--------|-----|
|
|
| CISA BOD 22-01 | 2 weeks | N/A | N/A | N/A |
|
|
| PCI DSS | 30 days | 30 days | 90 days | 90 days |
|
|
| Industry Average | 14 days | 30 days | 60 days | 90 days |
|
|
| Aggressive Target | 48 hours | 7 days | 30 days | 60 days |
|
|
|
|
## Vulnerability Statistics (2024)
|
|
- Total new CVEs published: 30,000+
|
|
- Year-over-year increase: 17%
|
|
- Average MTTR across industries: ~60 days
|
|
- Top-performing organizations MTTR: < 15 days for critical
|