Patch Tuesday – Feb 21st 2017


One critical update this month; check the Microsoft Security Bulletin for details of September’s Patch Tuesday.

Ready to Patch?

Start -> All Programs -> Windows Update -> Check for updates


Then follow the on-screen instructions.

Customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available; remember to test the patches in a non-production environment first.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Not just Security – Compliance & Conformance…

WHY HIPAA & PATCH MANAGEMENT?

HIPAA has critical compliance requirements towards maintenance and storage of private customer health information. Protecting enterprise systems from endpoint vulnerabilities that arise from unpatched applications and software is an important requirement of HIPAA patch compliance.

164.308(a)(5)(ii)(B) – Protection from Malicious Software

NIST

http://csrc.nist.gov/publications/nistpubs/800-40-Ver2/SP800-40v2.pdf

ISO 27001

A.12.6.1 Management of technical vulnerabilities

Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organization’s exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.

EHNAC

Criterion 186

Candidate must demonstrate that configuration standards are in place that include patch management for systems which store, transmit, or access Electronic PHI, including workstations.

SANS 20

CSC 4-5

Deploy automated patch management tools and software update tools for operating system and software/applications on all systems for which such tools are available and safe. Patches should be applied to all systems, even systems that are properly air gapped. (See also CSC 4-7, CSC 4-8, CSC 4-9, CSC 4-10)

CCM

TVM-02

Changes shall be managed through a change management process for all vendor-supplied patches, configuration changes, or changes to the organization’s internally developed software.

ecfirst

ecfirst delivers complete end-to-end compliance and information security services across the United States and worldwide.

Training solutions include the gold standard HIPAA credential, Certified HIPAA Professional (CHP), and the world’s first compliance and cyber security credential, Certified Security Compliance Specialist (CSCS).

ecfirst is a HITRUST Authorized CSF Assessor.

Many clients engage ecfirst extensively for flexible services that range from on-demand consulting to managed compliance services programs covering training, policies, remediation, risk assessment, technical vulnerability assessments, penetration testing and much more.