Vulnerability and Patch Management. 1.1 For all Contractor Managed Systems that store Metro Government Information, Contractor will promptly address Vulnerabilities though Security Patches. Unless otherwise requested by Metro Government, Security Patches shall be applied within fourteen (14) days from its release for Critical Security Patches, thirty (30) days for Important Security Patches, and twelve (12) months for all other applicable Security Patches. Contractor may provide an effective technical mitigation in place of a Security Patch (if no Security Patch is available or if the Security Patch is incompatible) which doesn’t materially impact Metro Government’s use of the system nor require additional third party products.
Appears in 4 contracts
Samples: www.nashville.gov, www.nashville.gov, www.nashville.gov
