LUL - S1745
Cyber security vulnerability management
|Publication Date:||1 March 2018|
The standard is for use by system owners, System Administrators and the Cyber Security and Incident Response Team (CSIRT).
The standard applies to information, IT Devices, networks, endpoints and users that are owned, operated or supported by TfL or on behalf of TfL. This includes:
a) User Devices, including 'thick' and 'thin' desktop computers, portable Devices (e.g. laptops) and mobile Devices such as tablet computers and smartphones
b) Servers (physical and virtual), including file servers, application servers, web servers, database servers and any servers that manage network connections
c) Network infrastructure and security components, including Devices managing connections (switches, routers), Devices for protecting the networks and systems (IDS/IPS) or Devices managing network connections (firewalls, load balancers).
The purpose of this cyber security standard is to specify the requirements for the Vulnerability management of TfL's entire environment. 1.2 This standard is intended to represent a minimum baseline for managing Vulnerabilities within TfL as well as managing and protecting against malicious attacks in order to reduce the risk to confidentiality, integrity or availability of TfL Information Technology (IT) systems and information.