Once you have your vulnerability data, how long should you allow for remediation?

Question asked by marcopolo on Jun 30, 2011
Latest reply on Jun 30, 2011 by nthomas

Hi folks,

I'm using the QualysGuard PCI scanning tool for PCI compliance.

I am struggling to find any guidance in the PCI council (or on here) about remediation fix times. So, for example, if your platform has high vulnerabilities, what guideline fix times should you be suggesting for them, and for mediums too?


I guess it kind of depends on the type of vulnerability and the ability of the platforms to turn around a fix, but surely there must be some guidance somewhere on this issue?


