Anthropic-Cybersecurity-Skills/skills/implementing-vulnerability-remediation-sla/references/standards.md
# Standards and References - Vulnerability Remediation SLA

## Regulatory SLA Requirements

- PCI DSS v4.0 Req 6.3.3: Address vulnerabilities by risk ranking (critical/high within 30 days)
- CISA BOD 22-01: Federal agencies must remediate vulnerabilities listed in the Known Exploited Vulnerabilities (KEV) catalog within the timeframes specified for each entry
- NIST SP 800-40 Rev 4: Guide to Enterprise Patch Management Planning
- SOX: Timely remediation of IT control deficiencies
- HIPAA: Reasonable and appropriate security measures, including patching

## Industry Benchmarks

| Severity | CISA BOD 22-01 | PCI DSS | CIS Benchmark | Best Practice |
|----------|----------------|---------|---------------|---------------|
| Critical | 14 days (KEV) | 30 days | 48 hours | 24-48 hours |
| High | N/A | 30 days | 7 days | 7-14 days |
| Medium | N/A | 90 days | 30 days | 30 days |
| Low | N/A | Next cycle | 90 days | 90 days |

## KPI Benchmarks (Industry Average)

| Metric | Average | Top Quartile | Best in Class |
|--------|---------|--------------|---------------|
| SLA Compliance | 65% | 85% | >95% |
| MTTR (Critical) | 15 days | 5 days | <2 days |
| MTTR (High) | 30 days | 14 days | <7 days |
| Vuln Backlog | 25% | 10% | <5% |
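The following is an added example, not part of this reference or the skill's own code, showing how the two tables above are put to work: the "Best Practice" timeframes become per-finding deadlines, and the three KPIs are computed over a constructed set of findings and rated against the Average / Top Quartile / Best in Class thresholds. The `Finding` class, the definition of backlog as open findings past deadline, and the rule that an open finding is compliant until its deadline passes are assumptions made here.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from statistics import mean
from typing import Optional

# "Best Practice" column of the benchmark table above, upper bound of each range, in days.
SLA_DAYS = {"Critical": 2, "High": 14, "Medium": 30, "Low": 90}
# KPI table thresholds as (Average, Top Quartile, Best in Class); MTTR values are days.
TIERS = {"SLA Compliance": (0.65, 0.85, 0.95),
         "MTTR (Critical)": (15, 5, 2), "MTTR (High)": (30, 14, 7)}

@dataclass
class Finding:  # assumed minimal record for one vulnerability on one asset
    severity: str
    discovered: date
    remediated: Optional[date] = None  # None: still open
    def deadline(self) -> date:
        return self.discovered + timedelta(days=SLA_DAYS[self.severity])
    def within_sla(self, as_of: date) -> bool:
        # Assumption: an open finding counts as compliant until its deadline passes.
        return (self.remediated or as_of) <= self.deadline()

def sla_compliance(findings, as_of):
    return sum(f.within_sla(as_of) for f in findings) / len(findings)

def mttr_days(findings, severity):
    # Mean days from discovery to remediation over closed findings of one severity.
    closed = [(f.remediated - f.discovered).days
              for f in findings if f.severity == severity and f.remediated]
    return mean(closed) if closed else None

def backlog_ratio(findings, as_of):
    # Assumption: backlog = open findings past their deadline, as a share of all findings.
    overdue = [f for f in findings if f.remediated is None and as_of > f.deadline()]
    return len(overdue) / len(findings)

def tier(metric, value):
    avg, top, best = TIERS[metric]
    if metric == "SLA Compliance":  # higher is better; table says ">95%" for best in class
        return ("Best in Class" if value > best else "Top Quartile" if value >= top
                else "Average" if value >= avg else "Below Average")
    return ("Best in Class" if value < best else "Top Quartile" if value <= top
            else "Average" if value <= avg else "Below Average")

# Constructed sample findings, reported as of AS_OF (not real scan data).
AS_OF = date(2024, 3, 1)
SAMPLE = [Finding("Critical", date(2024, 2, 1), date(2024, 2, 2)),
          Finding("Critical", date(2024, 2, 10), date(2024, 2, 15)),
          Finding("High", date(2024, 2, 1), date(2024, 2, 8)),
          Finding("High", date(2024, 2, 5), date(2024, 2, 26)),
          Finding("Medium", date(2024, 1, 15)), Finding("Low", date(2024, 2, 20))]
```

On the sample data this reports 50% SLA compliance (Below Average) with critical MTTR of 3 days (Top Quartile), which is the usual shape of a program that closes its worst findings fast but lets mediums age past deadline.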