Policies and Procedures
The policy was updated on 2/20/2015 by the UETN Governing Board at the recommendation of the UTN Advisory Council and Technical Subcommittee, who worked with UTN staff to address vulnerability remediation. The policy is intended to encourage member sites to remediate vulnerabilities within a defined timeframe. If a site does not remediate within that timeframe, sanctions may be implemented and the UTN Vulnerability Compliance Procedure must be followed.
The UTN Vulnerability Management Procedure (pdf) was also approved. The details of the procedure include a communication plan, sanctions, and a timeline. Vulnerabilities are defined by levels 1 through 5, with level 5 being the most severe. A level 5 vulnerability can lead to the compromise of a site's entire network security.
The communication plan includes notification of the vulnerability and guidance for remediation, written and verbal communication, multiple warnings regarding pending sanctions, and a generous timeline.