||Exceptions to Patching: Service Provider and Network Operator systems that are not compliant with the patching policy should be noted and these particular elements should be monitored on a regular basis. These exceptions should factor heavily into the organization's monitoring strategy. Vulnerability mitigation plans should be developed and implemented in lieu of the patches. If no acceptable mitigation exists, the risks should be communicated to management.
||Cable; Internet/Data; Satellite; Wireless; Wireline
||Service Provider; Network Operator
||Cyber Security;Network Operations;Policy;Software;
||Configuration guide for security from NIST (800-53 Rev. 3).