Skip to Search
Skip to Navigation
Skip to Content

University of Connecticut University Information Technology ServicesInformation Security Office

Information Security Office - About Us

Our Mission

The mission of the Information Security Office (ISO) is to design, implement and maintain an information security program that protects the University's systems, services and data against unauthorized use, disclosure, modification, damage and loss. The ISO is committed to engaging the University community to establish an appropriate information security governance structure that enables collaboration and support for new information security initiatives.

Contact

The UITS Information Security Office can be contacted by email or phone.
UITS Information Security Office
P: 860.486.4357 (HELP)
E: security@uconn.edu

Patch Implementation Guidelines

 

Patch Implementation Guidelines

Purpose: To provide specific guidelines for the implementation of security patches based on the severity of the vulnerability.

Patches should be implemented according to the following timeframes:

CVSS Score

Priority

Timeframe

7 ≥  or ≤ 10

1

2 Weeks

5 ≥ and < 7

2

4 Weeks

3 ≥ and < 5

3

3 Months

0 > and < 3

4

Discretionary

 

These priorities are based on the NVD Common Vulnerability Scoring System (CVSS). Individuals can subscribe to the NVD Weekly Summary RSS feed here.

Exceptions: Patch implementation processes should take into consideration the need for testing and the potential impact to the operations of the University. If a system is unable to be patched according to these timeframes, a standard exception should be requested.