{"id":1112,"date":"2019-11-06T14:44:41","date_gmt":"2019-11-06T19:44:41","guid":{"rendered":"https:\/\/ndisac.org\/dev\/dibscc\/?p=1112"},"modified":"2025-05-16T13:24:16","modified_gmt":"2025-05-16T18:24:16","slug":"system-patching","status":"publish","type":"post","link":"https:\/\/ndisac.org\/dibscc\/implementation-and-assessment\/top-10-high-value-controls\/system-patching\/","title":{"rendered":"Patching"},"content":{"rendered":"<p>[et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;3.22&#8243;][et_pb_row _builder_version=&#8221;4.0.6&#8243;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.0.6&#8243;][et_pb_text admin_label=&#8221;Add Description Here&#8221; _builder_version=&#8221;4.9.2&#8243; vertical_offset_tablet=&#8221;0&#8243; horizontal_offset_tablet=&#8221;0&#8243; z_index_tablet=&#8221;500&#8243; text_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; text_text_shadow_vertical_length_tablet=&#8221;0px&#8221; text_text_shadow_blur_strength_tablet=&#8221;1px&#8221; link_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; link_text_shadow_vertical_length_tablet=&#8221;0px&#8221; link_text_shadow_blur_strength_tablet=&#8221;1px&#8221; ul_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; ul_text_shadow_vertical_length_tablet=&#8221;0px&#8221; ul_text_shadow_blur_strength_tablet=&#8221;1px&#8221; ol_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; ol_text_shadow_vertical_length_tablet=&#8221;0px&#8221; ol_text_shadow_blur_strength_tablet=&#8221;1px&#8221; quote_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; quote_text_shadow_vertical_length_tablet=&#8221;0px&#8221; quote_text_shadow_blur_strength_tablet=&#8221;1px&#8221; header_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; header_text_shadow_vertical_length_tablet=&#8221;0px&#8221; header_text_shadow_blur_strength_tablet=&#8221;1px&#8221; header_2_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; header_2_text_shadow_vertical_length_tablet=&#8221;0px&#8221; header_2_text_shadow_blur_strength_tablet=&#8221;1px&#8221; header_3_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; header_3_text_shadow_vertical_length_tablet=&#8221;0px&#8221; header_3_text_shadow_blur_strength_tablet=&#8221;1px&#8221; header_4_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; header_4_text_shadow_vertical_length_tablet=&#8221;0px&#8221; header_4_text_shadow_blur_strength_tablet=&#8221;1px&#8221; header_5_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; header_5_text_shadow_vertical_length_tablet=&#8221;0px&#8221; header_5_text_shadow_blur_strength_tablet=&#8221;1px&#8221; header_6_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; header_6_text_shadow_vertical_length_tablet=&#8221;0px&#8221; header_6_text_shadow_blur_strength_tablet=&#8221;1px&#8221; box_shadow_horizontal_tablet=&#8221;0px&#8221; box_shadow_vertical_tablet=&#8221;0px&#8221; box_shadow_blur_tablet=&#8221;40px&#8221; box_shadow_spread_tablet=&#8221;0px&#8221;]NIST defines patch management as the systematic notification, identification, deployment, installation, and verification of operating system and application software code revisions. These revisions are known as patches, hot fixes, and service packs. <a href=\"https:\/\/csrc.nist.gov\/glossary\/term\/patch_management\" target=\"_blank\" rel=\"noopener noreferrer\">(Source)<\/a><\/p>\n<p>The need to remediate system flaws applies to all types of software and firmware. Organizations identify systems affected by software flaws, including potential vulnerabilities resulting from those flaws, and report this information to designated organizational personnel with information security and privacy responsibilities. Security-relevant updates include patches, service packs, and malicious code signatures. Organizations also address flaws discovered during assessments, continuous monitoring, incident response activities, and system error handling. By incorporating flaw remediation into configuration management processes, required remediation actions can be tracked and verified. <a href=\"https:\/\/csrc.nist.gov\/projects\/cprt\/catalog#\/cprt\/framework\/version\/SP_800_53_5_1_0\/home?element=SI-2\" target=\"_blank\" rel=\"noopener noreferrer\">(Source)<\/a>[\/et_pb_text][et_pb_text _builder_version=&#8221;4.9.2&#8243; _module_preset=&#8221;default&#8221; hover_enabled=&#8221;0&#8243; locked=&#8221;off&#8221; sticky_enabled=&#8221;0&#8243;]\n\t\t\t<div class='et-tabs-container et_sliderfx_fade et_sliderauto_false et_sliderauto_speed_5000 et_slidertype_top_tabs'>\n\t\t\t\t<p>\n\t\t<ul class='et-tabs-control'>\n\t\t\t<li><a href='#'>\n\t\t\tStandards\n\t\t<\/a><\/li>\n\n\t\t<li><a href='#'>\n\t\t\tImplementation \/ Use Cases\n\t\t<\/a><\/li>\n\n\t\t<li><a href='#'>\n\t\t\tIndustry Best Practices\n\t\t<\/a><\/li>\n\n\t\t<li><a href='#'>\n\t\t\tExample Tools \/ Policies\n\t\t<\/a><\/li>\n\n\t\t<li><a href='#'>\n\t\t\tCMMC Readiness\n\t\t<\/a><\/li>\n\t\t<\/ul> <!-- .et-tabs-control -->\n\n\t\t<div class='et-tabs-content'>\n\t\t\t<div class='et-tabs-content-main-wrap'>\n\t\t\t\t<div class='et-tabs-content-wrapper'>\n\t\t\t\t\t<div class='et_slidecontent'>\n\t\t\t<p class=\"p1\"><span class=\"s1\"><!-- Beginning of Link Library Output --><div id='linklist1' class='linklist'><!-- Div Linklist -->\n<div class=\"LinkLibraryCat LinkLibraryCat627 level0\"><!-- Div Category -->\n\t<ul>\n<li><a href=\"https:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800-115.pdf\" id=\"link-1446\" class=\"track_this_link \" rel=\"noopener noreferrer\" target=\"_blank\">NIST SP 800-115: Technical Guide to Information Security Testing and Assessment<\/a>\n<p>This NIST Special Publication is a guide to the basic technical aspects of conducting information security assessments.<\/p><\/li>\n<li><a href=\"https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-40r4.pdf\" id=\"link-1490\" class=\"track_this_link \" rel=\"noopener noreferrer\" target=\"_blank\">NIST SP 800-40 Rev 4: Guide to Enterprise Patch Management Technologies<\/a>\n<p>This NIST Special Publication is designed to assist organizations in understanding the basics of enterprise patch management technologies.<\/p><\/li>\n<li><a href=\"https:\/\/csrc.nist.gov\/projects\/cprt\/catalog#\/cprt\/framework\/version\/SP_800_53_5_1_1\/home?element=MA-02\" id=\"link-6307\" class=\"track_this_link \" rel=\"noopener noreferrer\" target=\"_blank\">NIST SP 800-53 Rev 5: MA\u20132 Controlled Maintenance<\/a>\n<p>NIST resources that defines requirement for controlled maintenance.<\/p><\/li>\n<li><a href=\"https:\/\/csrc.nist.gov\/projects\/cprt\/catalog#\/cprt\/framework\/version\/SP_800_53_5_1_1\/home?element=MA-03\" id=\"link-6310\" class=\"track_this_link \" rel=\"noopener noreferrer\" target=\"_blank\">NIST SP 800-53 Rev 5: MA\u20133 Maintenance Tools<\/a>\n<p>NIST resources that defines requirements for review, assessment, and approval of system maintenance tools<\/p><\/li>\n<li><a href=\"https:\/\/csrc.nist.gov\/projects\/cprt\/catalog#\/cprt\/framework\/version\/SP_800_53_5_1_1\/home?element=MA-04\" id=\"link-6308\" class=\"track_this_link \" rel=\"noopener noreferrer\" target=\"_blank\">NIST SP 800-53 Rev 5: MA\u20134 Nonlocal Maintenance<\/a>\n<p>NIST resources that define requirements for nonlocal system maintenance activities<\/p><\/li>\n\t<\/ul>\n<\/div><!-- Div End Category -->\n<script type='text\/javascript'>\njQuery(document).ready(function()\n{\njQuery('.arrow-up').hide();\njQuery('#linklist1 a.track_this_link').click(function() {\nlinkid = this.id;\nlinkid = linkid.substring(5);\npath = '';\njQuery.ajax( {    type: 'POST',    url: 'https:\/\/ndisac.org\/dibscc\/wp-admin\/admin-ajax.php',     data: { action: 'link_library_tracker',             _ajax_nonce: 'b6c3152607',             id:linkid, xpath:path }     });\nreturn true;\n});\njQuery('#linklist1 .expandlinks').click(function() {\ntarget = '.' + jQuery(this).attr('id');\nsubcattarget = '.' + jQuery(this).attr('data-subcat');\nif ( jQuery( target ).is(':visible') ) {\njQuery(target).slideUp();\njQuery(subcattarget).slideToggle();\njQuery(this).children('img').attr('src', 'https:\/\/ndisac.org\/dibscc\/wp-content\/plugins\/link-library\/icons\/expand-32.png');\n} else {\njQuery(target).slideDown();\njQuery(subcattarget).slideToggle();\njQuery(this).children('img').attr('src', 'https:\/\/ndisac.org\/dibscc\/wp-content\/plugins\/link-library\/icons\/collapse-32.png');\n}\n});\njQuery('#linklist1 .linklistcatclass').click(function() {\njQuery(this).siblings('.expandlinks').click();\n});\njQuery('#linklist1 .linklistcatnamedesc').click(function() {\njQuery(this).siblings('.expandlinks').click();\n});\n});\n<\/script>\n<\/div><!-- Div Linklist -->\n<!-- End of Link Library Output -->\n\t\t<\/div>\n\n\t\t<div class='et_slidecontent'>\n\t\t\t<p class=\"p1\"><span class=\"s1\"><!-- Beginning of Link Library Output --><div id='linklist1' class='linklist'><!-- Div Linklist -->\n<div class=\"LinkLibraryCat LinkLibraryCat628 level0\"><!-- Div Category -->\n\t<ul>\n<li><a href=\"https:\/\/learn.cisecurity.org\/cis-ram\" id=\"link-1502\" class=\"track_this_link \" rel=\"noopener noreferrer\" target=\"_blank\">Center for Internet Security &#8211; Risk Assessment Method<\/a>\n<p>This link provides information about CIS RAM, an information security risk assessment method.<\/p><\/li>\n<li><a href=\"https:\/\/connectsecure.com\/blog\/best-practices-for-vulnerability-management-implementation\" id=\"link-1492\" class=\"track_this_link \" rel=\"noopener noreferrer\" target=\"_blank\">Connect Secure \u2013 Best Practices for Vulnerability Management Implementation<\/a>\n<p>This article speaks to key components of a vulnerability management program for MSP's.<\/p><\/li>\n<li><a href=\"https:\/\/purplesec.us\/learn\/vulnerability-prioritization\/\" id=\"link-1496\" class=\"track_this_link \" rel=\"noopener noreferrer\" target=\"_blank\">PurpleSec &#8211; How To Prioritize Vulnerabilities For Remediation<\/a>\n<p>This article from PurpleSec identifies the importance of prioritizing vulnerabilities.<\/p><\/li>\n<li><a href=\"https:\/\/www.sprocketsecurity.com\/blog\/vulnerability-management-best-practices\" id=\"link-1172\" class=\"track_this_link \" rel=\"noopener noreferrer\" target=\"_blank\">Sprocket Security &#8211; 10 Best Practices for Vulnerability Management<\/a>\n<p>This article from Sprocket Security highlights the challenges of vulnerability management and how to establish an effective vulnerability management program.<\/p><\/li>\n\t<\/ul>\n<\/div><!-- Div End Category -->\n<script type='text\/javascript'>\njQuery(document).ready(function()\n{\njQuery('.arrow-up').hide();\njQuery('#linklist1 a.track_this_link').click(function() {\nlinkid = this.id;\nlinkid = linkid.substring(5);\npath = '';\njQuery.ajax( {    type: 'POST',    url: 'https:\/\/ndisac.org\/dibscc\/wp-admin\/admin-ajax.php',     data: { action: 'link_library_tracker',             _ajax_nonce: 'b6c3152607',             id:linkid, xpath:path }     });\nreturn true;\n});\njQuery('#linklist1 .expandlinks').click(function() {\ntarget = '.' + jQuery(this).attr('id');\nsubcattarget = '.' + jQuery(this).attr('data-subcat');\nif ( jQuery( target ).is(':visible') ) {\njQuery(target).slideUp();\njQuery(subcattarget).slideToggle();\njQuery(this).children('img').attr('src', 'https:\/\/ndisac.org\/dibscc\/wp-content\/plugins\/link-library\/icons\/expand-32.png');\n} else {\njQuery(target).slideDown();\njQuery(subcattarget).slideToggle();\njQuery(this).children('img').attr('src', 'https:\/\/ndisac.org\/dibscc\/wp-content\/plugins\/link-library\/icons\/collapse-32.png');\n}\n});\njQuery('#linklist1 .linklistcatclass').click(function() {\njQuery(this).siblings('.expandlinks').click();\n});\njQuery('#linklist1 .linklistcatnamedesc').click(function() {\njQuery(this).siblings('.expandlinks').click();\n});\n});\n<\/script>\n<\/div><!-- Div Linklist -->\n<!-- End of Link Library Output -->\n\t\t<\/div>\n\n\t\t<div class='et_slidecontent'>\n\t\t\t<p class=\"p1\"><span class=\"s1\"><!-- Beginning of Link Library Output --><div id='linklist1' class='linklist'><!-- Div Linklist -->\n<div class=\"LinkLibraryCat LinkLibraryCat629 level0\"><!-- Div Category -->\n\t<ul>\n<li><a href=\"https:\/\/www.ibm.com\/think\/topics\/vulnerability-scanning\" id=\"link-1439\" class=\"track_this_link \" rel=\"noopener noreferrer\" target=\"_blank\">IBM &#8211; What is vulnerability scanning?<\/a>\n<p>This article addresses the importance of vulnerability scanning, how the process works, and types of vulnerability scanners.<\/p><\/li>\n<li><a href=\"https:\/\/www.kaseya.com\/blog\/patch-management-policy\/\" id=\"link-1500\" class=\"track_this_link \" rel=\"noopener noreferrer\" target=\"_blank\">Kaseya &#8211; Patch Management Policy<\/a>\n<p>In this blog, Kaseya will discuss patch management policy best practices and explain how they contribute to a better patching environment for large and small organizations alike.<\/p><\/li>\n<li><a href=\"https:\/\/www.tripwire.com\/state-of-security\/vulnerability-management-best-practice\" id=\"link-1444\" class=\"track_this_link \" rel=\"noopener noreferrer\" target=\"_blank\">Tripwire &#8211; Vulnerability Management Program Best Practices<\/a>\n<p>In this article from Tripwire, they discuss the four stages of a vulnerability management program<\/p><\/li>\n<li><a href=\"https:\/\/www.wiz.io\/academy\/vulnerability-management\/vulnerability-management-best-practices\" id=\"link-14671\" class=\"track_this_link \" rel=\"noopener noreferrer\" target=\"_blank\">Wiz.io &#8211; 11 Vulnerability Management Best Practices<\/a>\n<p>In this article from Wiz, they discuss the 11 essential vulnerability management best practices organizations should start with.<\/p><\/li>\n\t<\/ul>\n<\/div><!-- Div End Category -->\n<script type='text\/javascript'>\njQuery(document).ready(function()\n{\njQuery('.arrow-up').hide();\njQuery('#linklist1 a.track_this_link').click(function() {\nlinkid = this.id;\nlinkid = linkid.substring(5);\npath = '';\njQuery.ajax( {    type: 'POST',    url: 'https:\/\/ndisac.org\/dibscc\/wp-admin\/admin-ajax.php',     data: { action: 'link_library_tracker',             _ajax_nonce: 'b6c3152607',             id:linkid, xpath:path }     });\nreturn true;\n});\njQuery('#linklist1 .expandlinks').click(function() {\ntarget = '.' + jQuery(this).attr('id');\nsubcattarget = '.' + jQuery(this).attr('data-subcat');\nif ( jQuery( target ).is(':visible') ) {\njQuery(target).slideUp();\njQuery(subcattarget).slideToggle();\njQuery(this).children('img').attr('src', 'https:\/\/ndisac.org\/dibscc\/wp-content\/plugins\/link-library\/icons\/expand-32.png');\n} else {\njQuery(target).slideDown();\njQuery(subcattarget).slideToggle();\njQuery(this).children('img').attr('src', 'https:\/\/ndisac.org\/dibscc\/wp-content\/plugins\/link-library\/icons\/collapse-32.png');\n}\n});\njQuery('#linklist1 .linklistcatclass').click(function() {\njQuery(this).siblings('.expandlinks').click();\n});\njQuery('#linklist1 .linklistcatnamedesc').click(function() {\njQuery(this).siblings('.expandlinks').click();\n});\n});\n<\/script>\n<\/div><!-- Div Linklist -->\n<!-- End of Link Library Output -->\n\t\t<\/div>\n\n\t\t<div class='et_slidecontent'>\n\t\t\t<p class=\"p1\"><span class=\"s1\"><!-- Beginning of Link Library Output --><div id='linklist1' class='linklist'><!-- Div Linklist -->\n<div class=\"LinkLibraryCat LinkLibraryCat630 level0\"><!-- Div Category -->\n\t<ul>\n<li><a href=\"https:\/\/www.cisa.gov\/cyber-hygiene-services\" id=\"link-14678\" class=\"track_this_link \" rel=\"noopener noreferrer\" target=\"_blank\">Cybersecurity and Infrastructure Security Agency &#8211; Cyber Hygiene Services<\/a>\n<p>Cyber Hygiene services are provided by CISA\u2019s trained information security experts equipped with the latest tools.\u00a0Because the services look for assets exposed to the internet, they identify vulnerabilities that could otherwise go unmanaged.<\/p><\/li>\n<li><a href=\"https:\/\/www.cisa.gov\/resources-tools\/resources\/no-cost-cybersecurity-services-and-tools\" id=\"link-1449\" class=\"track_this_link \" rel=\"noopener noreferrer\" target=\"_blank\">Cybersecurity and Infrastructure Security Agency &#8211; No-Cost Cybersecurity Services and Tools<\/a>\n<p>CISA has compiled a list of no cost services and tools provided by private and public sector organizations across the cyber community.<\/p><\/li>\n<li><a href=\"https:\/\/www.ninjaone.com\/blog\/vulnerability-remediation-timelines-best-practices\/\" id=\"link-1498\" class=\"track_this_link \" rel=\"noopener noreferrer\" target=\"_blank\">ninjaOne &#8211; Vulnerability Remediation Timelines: 7 Best Practices<\/a>\n<p>This article explains the best ways to remediate vulnerabilities in a timely and prompt manner.<\/p><\/li>\n<li><a href=\"https:\/\/owasp.org\/www-community\/Vulnerability_Scanning_Tools\" id=\"link-1441\" class=\"track_this_link \" rel=\"noopener noreferrer\" target=\"_blank\">Open Web Application Security Project (OWASP) &#8211; Vulnerability Scanning Tools<\/a>\n<p>Open Web Application Security Project (OWASP) provides a list of commercial and free vulnerability scanning tools for various platforms.<\/p><\/li>\n<li><a href=\"https:\/\/its.ny.gov\/system\/files\/documents\/2024\/02\/nys-s15-002-vulnerability-management.pdf\" id=\"link-1167\" class=\"track_this_link \" rel=\"noopener noreferrer\" target=\"_blank\">State of New York &#8211; Vulnerability Management<\/a>\n<p>The following is an example from the state of New York of a vulnerability scanning policy.<\/p><\/li>\n<li><a href=\"https:\/\/www.wiz.io\/academy\/vulnerability-management\/oss-vulnerability-management-tools\" id=\"link-14680\" class=\"track_this_link \" rel=\"noopener noreferrer\" target=\"_blank\">Wiz.io Top OSS vulnerability management tools<\/a>\n<p>8 open-source vulnerability management tools and their features, categorized by use case.<\/p><\/li>\n\t<\/ul>\n<\/div><!-- Div End Category -->\n<script type='text\/javascript'>\njQuery(document).ready(function()\n{\njQuery('.arrow-up').hide();\njQuery('#linklist1 a.track_this_link').click(function() {\nlinkid = this.id;\nlinkid = linkid.substring(5);\npath = '';\njQuery.ajax( {    type: 'POST',    url: 'https:\/\/ndisac.org\/dibscc\/wp-admin\/admin-ajax.php',     data: { action: 'link_library_tracker',             _ajax_nonce: 'b6c3152607',             id:linkid, xpath:path }     });\nreturn true;\n});\njQuery('#linklist1 .expandlinks').click(function() {\ntarget = '.' + jQuery(this).attr('id');\nsubcattarget = '.' + jQuery(this).attr('data-subcat');\nif ( jQuery( target ).is(':visible') ) {\njQuery(target).slideUp();\njQuery(subcattarget).slideToggle();\njQuery(this).children('img').attr('src', 'https:\/\/ndisac.org\/dibscc\/wp-content\/plugins\/link-library\/icons\/expand-32.png');\n} else {\njQuery(target).slideDown();\njQuery(subcattarget).slideToggle();\njQuery(this).children('img').attr('src', 'https:\/\/ndisac.org\/dibscc\/wp-content\/plugins\/link-library\/icons\/collapse-32.png');\n}\n});\njQuery('#linklist1 .linklistcatclass').click(function() {\njQuery(this).siblings('.expandlinks').click();\n});\njQuery('#linklist1 .linklistcatnamedesc').click(function() {\njQuery(this).siblings('.expandlinks').click();\n});\n});\n<\/script>\n<\/div><!-- Div Linklist -->\n<!-- End of Link Library Output -->\n\t\t<\/div>\n\n\t\t<div class='et_slidecontent'>\n\t\t\tCMMC Related Controls<\/p>\n<ul>\n<li>Level 2 | <a href=\"https:\/\/ndisac.org\/dibscc\/cyberassist\/cybersecurity-maturity-model-certification\/level-2\/ma-l2-3-7-1\/\">MA.L2-3.7.1 \u2013 Perform Maintenance: Perform maintenance on organizational systems.<\/a><\/li>\n<\/ul>\n<p>CMMC Assessment Guides<\/p>\n<p class=\"p1\"><span class=\"s1\"><!-- Beginning of Link Library Output --><div id='linklist1' class='linklist'><!-- Div Linklist -->\n<div class=\"LinkLibraryCat LinkLibraryCat671 level0\"><!-- Div Category -->\n\t<ul>\n<li><a href=\"https:\/\/dodcio.defense.gov\/Portals\/0\/Documents\/CMMC\/AssessmentGuideL1v2.pdf\" id=\"link-9988\" class=\"track_this_link \" rel=\"noopener noreferrer\" target=\"_blank\">CMMC Level 1 Self-Assessment Guide<\/a>\n<p>This document provides self-assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 1.<\/p>\n<\/li>\n<li><a href=\"https:\/\/dodcio.defense.gov\/Portals\/0\/Documents\/CMMC\/AssessmentGuideL2v2.pdf\" id=\"link-9989\" class=\"track_this_link \" rel=\"noopener noreferrer\" target=\"_blank\">CMMC Level 2 Assessment Guide<\/a>\n<p>This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2.<\/p>\n<\/li>\n<li><a href=\"https:\/\/dodcio.defense.gov\/Portals\/0\/Documents\/CMMC\/AssessmentGuideL3v2.pdf\" id=\"link-14791\" class=\"track_this_link \" rel=\"noopener noreferrer\" target=\"_blank\">CMMC Level 3 Assessment Guide<\/a>\n<p>This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 3.<\/p>\n<\/li>\n\t<\/ul>\n<\/div><!-- Div End Category -->\n<script type='text\/javascript'>\njQuery(document).ready(function()\n{\njQuery('.arrow-up').hide();\njQuery('#linklist1 a.track_this_link').click(function() {\nlinkid = this.id;\nlinkid = linkid.substring(5);\npath = '';\njQuery.ajax( {    type: 'POST',    url: 'https:\/\/ndisac.org\/dibscc\/wp-admin\/admin-ajax.php',     data: { action: 'link_library_tracker',             _ajax_nonce: 'b6c3152607',             id:linkid, xpath:path }     });\nreturn true;\n});\njQuery('#linklist1 .expandlinks').click(function() {\ntarget = '.' + jQuery(this).attr('id');\nsubcattarget = '.' + jQuery(this).attr('data-subcat');\nif ( jQuery( target ).is(':visible') ) {\njQuery(target).slideUp();\njQuery(subcattarget).slideToggle();\njQuery(this).children('img').attr('src', 'https:\/\/ndisac.org\/dibscc\/wp-content\/plugins\/link-library\/icons\/expand-32.png');\n} else {\njQuery(target).slideDown();\njQuery(subcattarget).slideToggle();\njQuery(this).children('img').attr('src', 'https:\/\/ndisac.org\/dibscc\/wp-content\/plugins\/link-library\/icons\/collapse-32.png');\n}\n});\njQuery('#linklist1 .linklistcatclass').click(function() {\njQuery(this).siblings('.expandlinks').click();\n});\njQuery('#linklist1 .linklistcatnamedesc').click(function() {\njQuery(this).siblings('.expandlinks').click();\n});\n});\n<\/script>\n<\/div><!-- Div Linklist -->\n<!-- End of Link Library Output -->\n\n<\/span><\/p>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t<\/div> <!-- .et-tabs-container -->[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;3.22&#8243;][et_pb_row _builder_version=&#8221;4.0.6&#8243;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.0.6&#8243;][et_pb_text admin_label=&#8221;Add Description Here&#8221; _builder_version=&#8221;4.9.2&#8243; vertical_offset_tablet=&#8221;0&#8243; horizontal_offset_tablet=&#8221;0&#8243; z_index_tablet=&#8221;500&#8243; text_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; text_text_shadow_vertical_length_tablet=&#8221;0px&#8221; text_text_shadow_blur_strength_tablet=&#8221;1px&#8221; link_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; link_text_shadow_vertical_length_tablet=&#8221;0px&#8221; link_text_shadow_blur_strength_tablet=&#8221;1px&#8221; ul_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; ul_text_shadow_vertical_length_tablet=&#8221;0px&#8221; ul_text_shadow_blur_strength_tablet=&#8221;1px&#8221; ol_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; ol_text_shadow_vertical_length_tablet=&#8221;0px&#8221; ol_text_shadow_blur_strength_tablet=&#8221;1px&#8221; quote_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; quote_text_shadow_vertical_length_tablet=&#8221;0px&#8221; quote_text_shadow_blur_strength_tablet=&#8221;1px&#8221; header_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; header_text_shadow_vertical_length_tablet=&#8221;0px&#8221; [&hellip;]<\/p>\n","protected":false},"author":8,"featured_media":1864,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"<p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam id tincidunt sapien. Suspendisse aliquam nisl sapien, luctus sodales tellus vehicula non. Interdum et malesuada fames ac ante ipsum primis in faucibus. Etiam facilisis pellentesque sapien, vel porta nibh commodo at. Aliquam eu porta nisi, eget tincidunt quam. Nam eu nunc convallis, gravida magna rhoncus, tincidunt quam. Praesent quis gravida magna, non lacinia orci. Vivamus et scelerisque odio, in fringilla massa. Integer nec ipsum nibh. Mauris tincidunt dictum nulla, id tristique massa dictum ac. Curabitur porttitor nisl sit amet ornare aliquet. Sed sed ultrices nibh, id varius felis. Nunc cursus lobortis ex feugiat aliquam.<\/p><p>Nullam justo dui, imperdiet luctus enim euismod, consequat euismod sapien. Aenean placerat fermentum magna, id tempus libero consectetur nec. Morbi a nunc orci. Donec porta, tellus vitae bibendum pulvinar, diam sapien mattis nisi, vitae lobortis quam sem non purus. Cras tempus odio eget urna faucibus sollicitudin. Aliquam porta neque in arcu vehicula venenatis eu vitae nulla. Vivamus sed neque ligula. Maecenas auctor dui et arcu pellentesque molestie.<\/p><p>Fusce luctus diam sit amet nisl consequat, vitae aliquam metus finibus. Nulla facilisi. In nec neque sem. Ut vitae fermentum mauris, vel gravida turpis. Nunc vitae velit sit amet ipsum semper condimentum sed id metus. Phasellus vel mauris dignissim, lobortis felis ac, eleifend justo. Suspendisse consectetur erat eu ipsum euismod ultricies. Vestibulum a libero quis nibh congue sagittis eget sed ipsum. Morbi dictum mi id sem imperdiet, ac pretium lorem suscipit.<\/p>","_et_gb_content_width":"","footnotes":""},"categories":[24],"tags":[],"class_list":["post-1112","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-top-10-high-value-controls"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Patching - DIB SCC CyberAssist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/ndisac.org\/dibscc\/implementation-and-assessment\/top-10-high-value-controls\/system-patching\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Patching - DIB SCC CyberAssist\" \/>\n<meta property=\"og:description\" content=\"[et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;3.22&#8243;][et_pb_row _builder_version=&#8221;4.0.6&#8243;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.0.6&#8243;][et_pb_text admin_label=&#8221;Add Description Here&#8221; _builder_version=&#8221;4.9.2&#8243; vertical_offset_tablet=&#8221;0&#8243; horizontal_offset_tablet=&#8221;0&#8243; z_index_tablet=&#8221;500&#8243; text_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; text_text_shadow_vertical_length_tablet=&#8221;0px&#8221; text_text_shadow_blur_strength_tablet=&#8221;1px&#8221; link_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; link_text_shadow_vertical_length_tablet=&#8221;0px&#8221; link_text_shadow_blur_strength_tablet=&#8221;1px&#8221; ul_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; ul_text_shadow_vertical_length_tablet=&#8221;0px&#8221; ul_text_shadow_blur_strength_tablet=&#8221;1px&#8221; ol_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; ol_text_shadow_vertical_length_tablet=&#8221;0px&#8221; ol_text_shadow_blur_strength_tablet=&#8221;1px&#8221; quote_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; quote_text_shadow_vertical_length_tablet=&#8221;0px&#8221; quote_text_shadow_blur_strength_tablet=&#8221;1px&#8221; header_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; header_text_shadow_vertical_length_tablet=&#8221;0px&#8221; [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/ndisac.org\/dibscc\/implementation-and-assessment\/top-10-high-value-controls\/system-patching\/\" \/>\n<meta property=\"og:site_name\" content=\"DIB SCC CyberAssist\" \/>\n<meta property=\"article:published_time\" content=\"2019-11-06T19:44:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-16T18:24:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"667\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"markcarr\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"markcarr\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/ndisac.org\/dibscc\/implementation-and-assessment\/top-10-high-value-controls\/system-patching\/\",\"url\":\"https:\/\/ndisac.org\/dibscc\/implementation-and-assessment\/top-10-high-value-controls\/system-patching\/\",\"name\":\"Patching - DIB SCC CyberAssist\",\"isPartOf\":{\"@id\":\"https:\/\/ndisac.org\/dibscc\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/ndisac.org\/dibscc\/implementation-and-assessment\/top-10-high-value-controls\/system-patching\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/ndisac.org\/dibscc\/implementation-and-assessment\/top-10-high-value-controls\/system-patching\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112.jpg\",\"datePublished\":\"2019-11-06T19:44:41+00:00\",\"dateModified\":\"2025-05-16T18:24:16+00:00\",\"author\":{\"@id\":\"https:\/\/ndisac.org\/dibscc\/#\/schema\/person\/930af72cb910c130c27675e47ba8e9a0\"},\"breadcrumb\":{\"@id\":\"https:\/\/ndisac.org\/dibscc\/implementation-and-assessment\/top-10-high-value-controls\/system-patching\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/ndisac.org\/dibscc\/implementation-and-assessment\/top-10-high-value-controls\/system-patching\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/ndisac.org\/dibscc\/implementation-and-assessment\/top-10-high-value-controls\/system-patching\/#primaryimage\",\"url\":\"https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112.jpg\",\"contentUrl\":\"https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112.jpg\",\"width\":1000,\"height\":667,\"caption\":\"Healthcare and medicine or computer antivirus protection and repair maintenance service concept: macro view of blue stethoscope on business office laptop notebook keyboard with selective focus effect\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/ndisac.org\/dibscc\/implementation-and-assessment\/top-10-high-value-controls\/system-patching\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/ndisac.org\/dibscc\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Patching\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/ndisac.org\/dibscc\/#website\",\"url\":\"https:\/\/ndisac.org\/dibscc\/\",\"name\":\"DIB SCC CyberAssist\",\"description\":\"Cybersecurity Resources for DIB companies and suppliers\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/ndisac.org\/dibscc\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/ndisac.org\/dibscc\/#\/schema\/person\/930af72cb910c130c27675e47ba8e9a0\",\"name\":\"markcarr\",\"url\":\"https:\/\/ndisac.org\/dibscc\/author\/markcarr\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Patching - DIB SCC CyberAssist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/ndisac.org\/dibscc\/implementation-and-assessment\/top-10-high-value-controls\/system-patching\/","og_locale":"en_US","og_type":"article","og_title":"Patching - DIB SCC CyberAssist","og_description":"[et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;3.22&#8243;][et_pb_row _builder_version=&#8221;4.0.6&#8243;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.0.6&#8243;][et_pb_text admin_label=&#8221;Add Description Here&#8221; _builder_version=&#8221;4.9.2&#8243; vertical_offset_tablet=&#8221;0&#8243; horizontal_offset_tablet=&#8221;0&#8243; z_index_tablet=&#8221;500&#8243; text_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; text_text_shadow_vertical_length_tablet=&#8221;0px&#8221; text_text_shadow_blur_strength_tablet=&#8221;1px&#8221; link_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; link_text_shadow_vertical_length_tablet=&#8221;0px&#8221; link_text_shadow_blur_strength_tablet=&#8221;1px&#8221; ul_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; ul_text_shadow_vertical_length_tablet=&#8221;0px&#8221; ul_text_shadow_blur_strength_tablet=&#8221;1px&#8221; ol_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; ol_text_shadow_vertical_length_tablet=&#8221;0px&#8221; ol_text_shadow_blur_strength_tablet=&#8221;1px&#8221; quote_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; quote_text_shadow_vertical_length_tablet=&#8221;0px&#8221; quote_text_shadow_blur_strength_tablet=&#8221;1px&#8221; header_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; header_text_shadow_vertical_length_tablet=&#8221;0px&#8221; [&hellip;]","og_url":"https:\/\/ndisac.org\/dibscc\/implementation-and-assessment\/top-10-high-value-controls\/system-patching\/","og_site_name":"DIB SCC CyberAssist","article_published_time":"2019-11-06T19:44:41+00:00","article_modified_time":"2025-05-16T18:24:16+00:00","og_image":[{"width":1000,"height":667,"url":"https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112.jpg","type":"image\/jpeg"}],"author":"markcarr","twitter_card":"summary_large_image","twitter_misc":{"Written by":"markcarr","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/ndisac.org\/dibscc\/implementation-and-assessment\/top-10-high-value-controls\/system-patching\/","url":"https:\/\/ndisac.org\/dibscc\/implementation-and-assessment\/top-10-high-value-controls\/system-patching\/","name":"Patching - DIB SCC CyberAssist","isPartOf":{"@id":"https:\/\/ndisac.org\/dibscc\/#website"},"primaryImageOfPage":{"@id":"https:\/\/ndisac.org\/dibscc\/implementation-and-assessment\/top-10-high-value-controls\/system-patching\/#primaryimage"},"image":{"@id":"https:\/\/ndisac.org\/dibscc\/implementation-and-assessment\/top-10-high-value-controls\/system-patching\/#primaryimage"},"thumbnailUrl":"https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112.jpg","datePublished":"2019-11-06T19:44:41+00:00","dateModified":"2025-05-16T18:24:16+00:00","author":{"@id":"https:\/\/ndisac.org\/dibscc\/#\/schema\/person\/930af72cb910c130c27675e47ba8e9a0"},"breadcrumb":{"@id":"https:\/\/ndisac.org\/dibscc\/implementation-and-assessment\/top-10-high-value-controls\/system-patching\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/ndisac.org\/dibscc\/implementation-and-assessment\/top-10-high-value-controls\/system-patching\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/ndisac.org\/dibscc\/implementation-and-assessment\/top-10-high-value-controls\/system-patching\/#primaryimage","url":"https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112.jpg","contentUrl":"https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112.jpg","width":1000,"height":667,"caption":"Healthcare and medicine or computer antivirus protection and repair maintenance service concept: macro view of blue stethoscope on business office laptop notebook keyboard with selective focus effect"},{"@type":"BreadcrumbList","@id":"https:\/\/ndisac.org\/dibscc\/implementation-and-assessment\/top-10-high-value-controls\/system-patching\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/ndisac.org\/dibscc\/"},{"@type":"ListItem","position":2,"name":"Patching"}]},{"@type":"WebSite","@id":"https:\/\/ndisac.org\/dibscc\/#website","url":"https:\/\/ndisac.org\/dibscc\/","name":"DIB SCC CyberAssist","description":"Cybersecurity Resources for DIB companies and suppliers","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/ndisac.org\/dibscc\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/ndisac.org\/dibscc\/#\/schema\/person\/930af72cb910c130c27675e47ba8e9a0","name":"markcarr","url":"https:\/\/ndisac.org\/dibscc\/author\/markcarr\/"}]}},"rttpg_featured_image_url":{"full":["https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112.jpg",1000,667,false],"landscape":["https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112.jpg",1000,667,false],"portraits":["https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112.jpg",1000,667,false],"thumbnail":["https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112-150x150.jpg",150,150,true],"medium":["https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112-300x200.jpg",300,200,true],"large":["https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112.jpg",1000,667,false],"1536x1536":["https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112.jpg",1000,667,false],"2048x2048":["https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112.jpg",1000,667,false],"et-pb-post-main-image":["https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112-400x250.jpg",400,250,true],"et-pb-post-main-image-fullwidth":["https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112.jpg",1000,667,false],"et-pb-portfolio-image":["https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112-400x284.jpg",400,284,true],"et-pb-portfolio-module-image":["https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112-510x382.jpg",510,382,true],"et-pb-portfolio-image-single":["https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112.jpg",1000,667,false],"et-pb-gallery-module-image-portrait":["https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112-400x516.jpg",400,516,true],"et-pb-post-main-image-fullwidth-large":["https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112.jpg",1000,667,false],"et-pb-image--responsive--desktop":["https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112.jpg",1000,667,false],"et-pb-image--responsive--tablet":["https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112-980x654.jpg",826,551,true],"et-pb-image--responsive--phone":["https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112-480x320.jpg",405,270,true],"gform-image-choice-sm":["https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112.jpg",300,200,false],"gform-image-choice-md":["https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112.jpg",400,267,false],"gform-image-choice-lg":["https:\/\/ndisac.org\/dibscc\/wp-content\/uploads\/sites\/2\/2019\/11\/21581271-1112.jpg",600,400,false]},"rttpg_author":{"display_name":"markcarr","author_link":"https:\/\/ndisac.org\/dibscc\/author\/markcarr\/"},"rttpg_comment":0,"rttpg_category":" <a href=\"https:\/\/ndisac.org\/dibscc\/category\/implementation-and-assessment\/top-10-high-value-controls\/\" rel=\"tag\">Top 10 High Value Controls<\/a>","rttpg_excerpt":"[et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;3.22&#8243;][et_pb_row _builder_version=&#8221;4.0.6&#8243;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.0.6&#8243;][et_pb_text admin_label=&#8221;Add Description Here&#8221; _builder_version=&#8221;4.9.2&#8243; vertical_offset_tablet=&#8221;0&#8243; horizontal_offset_tablet=&#8221;0&#8243; z_index_tablet=&#8221;500&#8243; text_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; text_text_shadow_vertical_length_tablet=&#8221;0px&#8221; text_text_shadow_blur_strength_tablet=&#8221;1px&#8221; link_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; link_text_shadow_vertical_length_tablet=&#8221;0px&#8221; link_text_shadow_blur_strength_tablet=&#8221;1px&#8221; ul_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; ul_text_shadow_vertical_length_tablet=&#8221;0px&#8221; ul_text_shadow_blur_strength_tablet=&#8221;1px&#8221; ol_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; ol_text_shadow_vertical_length_tablet=&#8221;0px&#8221; ol_text_shadow_blur_strength_tablet=&#8221;1px&#8221; quote_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; quote_text_shadow_vertical_length_tablet=&#8221;0px&#8221; quote_text_shadow_blur_strength_tablet=&#8221;1px&#8221; header_text_shadow_horizontal_length_tablet=&#8221;0px&#8221; header_text_shadow_vertical_length_tablet=&#8221;0px&#8221; [&hellip;]","_links":{"self":[{"href":"https:\/\/ndisac.org\/dibscc\/wp-json\/wp\/v2\/posts\/1112"}],"collection":[{"href":"https:\/\/ndisac.org\/dibscc\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ndisac.org\/dibscc\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ndisac.org\/dibscc\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/ndisac.org\/dibscc\/wp-json\/wp\/v2\/comments?post=1112"}],"version-history":[{"count":16,"href":"https:\/\/ndisac.org\/dibscc\/wp-json\/wp\/v2\/posts\/1112\/revisions"}],"predecessor-version":[{"id":16321,"href":"https:\/\/ndisac.org\/dibscc\/wp-json\/wp\/v2\/posts\/1112\/revisions\/16321"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ndisac.org\/dibscc\/wp-json\/wp\/v2\/media\/1864"}],"wp:attachment":[{"href":"https:\/\/ndisac.org\/dibscc\/wp-json\/wp\/v2\/media?parent=1112"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ndisac.org\/dibscc\/wp-json\/wp\/v2\/categories?post=1112"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ndisac.org\/dibscc\/wp-json\/wp\/v2\/tags?post=1112"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}