Current patches

SA9: Operating system and application patches must be current and supported by the vendor or Open Source project, whether the system is managed directly by Harvard or via contract with a third-party service provider for Harvard's use (e.g. IaaS, SaaS).

How to Comply

Schedule patches appropriately

Evaluate, schedule, and apply any missing security updates in a timely manner. Apply patches immediately and without delay for critical vulnerabilities enabling remote, unauthenticated administrative access.