creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-14 23:14:55 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/implementing-vulnerability-sla-breach-alerting/assets/template.md
T

88 lines
3.2 KiB
Markdown
Raw Blame History

# Vulnerability SLA Policy Template
## 1. Purpose
This policy establishes remediation timelines for security vulnerabilities based on severity classification, defines escalation procedures for SLA breaches, and specifies reporting requirements for compliance tracking.
## 2. Scope
This policy applies to all information systems, applications, and infrastructure components managed by [Organization Name].
## 3. SLA Definitions
| Severity | CVSS Range | Remediation Timeline | Grace Period | Escalation Path |
|----------|-----------|---------------------|--------------|-----------------|
| Critical | 9.0 - 10.0 | 48 hours | 12 hours | Asset Owner -> Security Director -> CISO |
| High | 7.0 - 8.9 | 15 calendar days | 5 days | Asset Owner -> Team Lead -> Security Director |
| Medium | 4.0 - 6.9 | 60 calendar days | 14 days | Asset Owner -> Team Lead |
| Low | 0.1 - 3.9 | 90 calendar days | 30 days | Asset Owner |
## 4. Exception Process
### 4.1 Exception Request Requirements
- CVE identifier and affected system details
- Business justification for extension
- Compensating controls implemented
- Proposed new remediation date
- Risk acceptance signature from system owner and CISO
### 4.2 Maximum Exception Duration
- Critical: 14 days maximum extension
- High: 30 days maximum extension
- Medium: 60 days maximum extension
- Low: 90 days maximum extension
## 5. Alerting Configuration
### 5.1 Notification Schedule
```
80% SLA elapsed -> Warning to asset owner (email + Slack)
100% SLA elapsed -> Breach alert (email + Slack + PagerDuty for Critical/High)
SLA + 24 hours -> Escalation Level 1 (team lead)
SLA + 72 hours -> Escalation Level 2 (director)
SLA + 7 days -> Escalation Level 3 (CISO)
```
### 5.2 Notification Channels
- **Email**: All severity levels
- **Slack**: High and Critical severity
- **PagerDuty**: Critical severity SLA breaches only
- **Jira**: Automatic ticket creation for all findings
## 6. Reporting Requirements
### 6.1 Weekly Report
- Count of open findings by severity
- Count of SLA breaches by severity
- Top 5 assets with most open findings
- Remediation velocity trend
### 6.2 Monthly Report
- Overall SLA compliance rate by severity
- Mean time to remediate by severity
- Exception count and approval rate
- Quarter-over-quarter improvement trends
### 6.3 Executive Dashboard
- Overall compliance percentage
- Risk exposure trend (critical/high open count over time)
- Team/business unit comparison
- Regulatory compliance status (PCI, SOC2, HIPAA)
## 7. Compliance Mapping
| Regulation | Requirement | SLA Alignment |
|-----------|------------|---------------|
| PCI DSS 4.0 | Req 6.3.3 | Critical/High within 30 days |
| SOC 2 | CC7.1 | Evidence of SLA tracking and remediation |
| HIPAA | 164.312(a)(1) | Risk-based remediation timeline |
| CISA BOD 22-01 | KEV remediation | 14 days for KEV-listed CVEs |
| NIST CSF 2.0 | ID.RA-01 | Risk-ranked vulnerability management |
## 8. Roles and Responsibilities
- **Asset Owner**: Remediate within SLA, request exceptions when needed
- **Security Team**: Monitor SLA compliance, manage alerting system
- **Team Lead**: Review team SLA metrics, escalate blockers
- **CISO**: Approve critical exceptions, review monthly metrics
Reference in New Issue View Git Blame Copy Permalink