Vulnerability Remediation Clause Samples
Vulnerability Remediation. Processor will immediately remediate weaknesses and vulnerabilities identified in penetration testing and/or vulnerability management activities within ten (10) days (unless such other time period is agreed to in writing by the parties) of identification of such weaknesses and/or vulnerabilities. If Processor is unable to remediate critical vulnerabilities within ten (10) days then Processor must notify NNA in writing, and NNA shall (i) have the right to terminate this DPA and the Principal Agreements for cause in accordance with the DPA, or (ii) in NNA’s sole discretion, allow Processor to perform such remediation during a time period mutually agreed upon in writing by the parties so that Processor’s Networks are in compliance with Processor’s data security policies, Security Requirements and NIST Special Publication – 800-115.
Vulnerability Remediation. All vulnerabilities will be ranked as to level of priority and addressed accordingly. Vulnerability treatment options shall include remediation (apply a patch, adjust system), configuration, removal of the affected component from service, and application of an alternative compensating control(s).