Skip To Main Content
Site Name Here
MenuSearchA-ZSeven Schools One UniversitySeven Schools One University

Menu

  • Give
  • Apply
  • Visit
Close Menu
About
  • Administrative Offices
  • Campus Maps
  • Core Values
  • Fast Facts
  • Travel and International Services
  • Other USM Schools
  • Policies and Procedures
  • Strategic Plan
  • Sustainability
  • Middle States
  • MPowering the State
  • News
  • University Leadership
  • UMB Experts Guide
Academics
  • Academic Calendar
  • Academy of Lifelong Learning
  • Blackboard
  • Libraries
  • Office of the Provost
  • SURFS
  • UMB Program Explorer
Admissions
  • Financial Aid
  • International Students
  • Military and Veterans
  • Office of the Registrar
Research
  • Breakthroughs Can’t Wait
  • Offices and Contacts
  • Resources for Investigators
  • Services for Investigators
  • UMB Research Profile
University Life
  • Arts and Culture
  • Bookstore
  • Emergency
  • Housing
  • Museums
  • Parking and Transportation Services
  • Rooms Available on Campus
  • SMC Campus Center
  • Student Organizations
  • Student Policies
  • URecFit and Wellness
  • UMB shuttle
  • Welcome to Baltimore
  • One Card
Info For
  • Current Students
  • Faculty and Staff
  • Alumni and Donors
  • Community Members
Resources
  • The Elm
  • Calendar
  • myUMB
  • Directory
  • Blackboard
  • SURFS
  • Emergency
  • UMB Shuttle
Seven Schools One University

Search

Close Menu
Common Searched Terms
  • Graduation 2025
  • Campus Tour
  • Jobs at UMB
  • Parking
  • Tuition Remission
  • Registrar
  • Qualtrics
  • Human Resources
  • URecFit and Wellness
  • Tuition
  • Help Desk

A–Z

Close Menu
    Policies and Procedures

    Information Technology Policies

    1. UMB Home
    2. About UMB
    3. Policies and Procedures
    4. Library
    5. Information Technology
    6. Information Technology Policies
    • UMB HomeAbout UMBPolicies and ProceduresLibraryInformation TechnologyInformation Technology Policies
    • Information Technology Policies
    • Information Technology Procedures

    UMB IT Patch Management Policy

    X-99.13(A)  |  Information Technology  |  Approved May 13, 2025

    Responsible VP/AVP: Peter J. Murray, PhD, CAS, MS

    Applies to: Staff

    Revision History

    Reviewed 04/30/2024

    Purpose

    Addressing IT security vulnerabilities effectively and efficiently through the application of security patches reduces the risk of device, information system and data exploitation. This policy outlines the responsibilities and procedures for managing vulnerabilities and applying patches to ensure the security and integrity of UMB's information systems, computing devices, and data.

    Policy Statement

    UMB information systems and computing devices must be regularly assessed for security vulnerabilities. A regular, ongoing process of applying security patches to UMB owned systems and devices must be followed. A security vulnerability identified as a zero-day vulnerability by trusted sources, such as CISA (Cybersecurity and Infrastructure Security Agency), must be addressed immediately.  Critical or high-rated vulnerabilities reported to MITRE’s CVE (Common Vulnerabilities and Exposures) must be fixed within 30 days of a vendor’s patch or hotfix release. If there is a compelling reason for why a patch cannot be applied to a critical or high vulnerability within 30 days, an exception must be requested from UMB IT Security and Compliance. IT Security and Compliance will review, assess, and document the situation and determine if a temporary exception can be approved.  Security vulnerabilities rated medium or low need to be patched as soon as possible. 

    Scope and Exceptions

    This policy applies to all UMB computing devices and information systems, which includes all software, hardware, and network components. It covers all stages of vulnerability management, from identification and assessment to remediation.

    Roles and Responsibilities

    UMB IT Security and Compliance: Responsible for conducting regular vulnerability scans, assessments and maintaining records of security vulnerabilities and remediations.

    Computing Device and Information System Owners: Responsible for applying patches and ensuring that UMB computing devices and information systems are compliant with this policy, and for reporting any issues or requested exceptions to UMB IT Security and Compliance.

     

    PROCEDURES

    Vulnerability Assessment: Conducting regular scans to identify vulnerabilities in UMB information systems.

    Patch Management: Applying security patches promptly to address identified vulnerabilities. Document and approve any exceptions.

    Monitoring and Reporting: Monitoring systems for compliance with this policy and reporting any deviations to the UMB Chief Information Security Officer.


    • Back to Information Technology Policies

    University of Maryland Baltimore

    The University of Maryland, Baltimore is the founding campus of the University System of Maryland.

    620 W. Lexington St., Baltimore, MD
    21201 | 410-706-3100

    • The Elm
    • Calendar
    • Emergency
    • Mobile UMB
    • UMB Shuttle
    • myUMB
    • Directory
    • IT Help Desk
    • Facilities Work Request
    • Jobs
    • Middle States
    • Strategic Plan
    • Sustainability
    • Clery Report
    • UMB Hotline
    • Facebook
    • Twitter
    • Instagram
    • LinkedIn
    • YouTube
    The University of Maryland, Baltimore prohibits sex discrimination in any education program or activity that it operates. Individuals may report concerns or questions to the Title IX Coordinator. Read the UMB Notice of Non-Discrimination.
    © 2024-2025 University of Maryland, Baltimore. All rights reserved.
    • Privacy Policy
    • Web Accessibility
    • Web Feedback
    • Non-Discrimination