Vulnerability and Patch Management Standard

The University of Michigan-Dearborn follows the Information Assurance Data Security standard on Vulnerability Management.

Schedule

Routine operating system patches occur monthly. Standard updates will occur after a Production Freeze, if the schedule conflicts with the published Production Freeze schedule. Emergency updates will be implemented outside of the monthly schedule and communicated accordingly.

Notification

All system work is announced on the UM-Dearborn ITS Status page and announced via email over the Frontline notification email group.

ITS-managed workstations and servers

All servers and workstations that are managed by ITS will follow the patching schedule outlined. Non-ITS servers and workstations will be patched by ITS if there is a signed Memorandum of Understanding between the unit and ITS.

Self-managed workstations and servers

Departments and users that administer their own servers and workstations must still adhere to the policy outlined in the Vulnerability Management policy and are responsible for keeping their systems up to date. Vulnerability scanning reports will be sent to the users of those devices.

Policy owned by: Information Technology Services
Last reviewed date: 9/15/2024
Last updated date: 9/15/2024
Next review date: 7/1/2026