Vulnerability and Patch Management. 1.1 For all Contractor Managed Systems that store Metro Government Information, Contractor will promptly address Vulnerabilities though Security Patches. Unless otherwise requested by Metro Government, Security Patches shall be applied within fourteen (14) days from its release for Critical Security Patches, thirty (30) days for Important Security Patches, and twelve (12) months for all other applicable Security Patches. Contractor may provide an effective technical mitigation in place of a Security Patch (if no Security Patch is available or if the Security Patch is incompatible) which doesn’t materially impact Metro Government’s use of the system nor require additional third party products. 1.2 If the application of Security Patches or other technical mitigations could impact the operation of Contractor Managed System, Contractor agrees to install patches only during Metro Government approved scheduled maintenance hours, or another time period agreed by Metro Government.
Appears in 4 contracts
Samples: General Terms and Conditions, General Terms and Conditions, General Terms and Conditions
