Evaluate, schedule, and apply any missing security updates within 30 days. Apply patches immediately and without delay for critical vulnerabilities enabling remote, unauthenticated administrative access. See also: Level 2, Level 3, Level 4, SA9, Servers A