PKI patching best practices
Hello Experts,
One of my customers is facing a challenge with their security team who is pushing them to patch all PKI servers in a monthly basis.
The IT department is looking for some sort of documentation on best practices to patch PKI servers[Root Offline, Enteprise sub CAs, NDES, OCSP, and web servers holding the CDP locations].
The idea is to push back their requirements, and come with an agreement to patch each PKI server role only when is really required or a few times a year without compromising the integrity of the infrastructure and security.
What are best practices to patch PKI servers per role?
What is the impact if one of the servers becomes available after patching? Please, elaborate your answer
Is there a business case or doc that can be used a justification to push back this requirement?
Please, provide as much information as you can per server role and service impact
thanks
One of my customers is facing a challenge with their security team who is pushing them to patch all PKI servers in a monthly basis.
The IT department is looking for some sort of documentation on best practices to patch PKI servers[Root Offline, Enteprise sub CAs, NDES, OCSP, and web servers holding the CDP locations].
The idea is to push back their requirements, and come with an agreement to patch each PKI server role only when is really required or a few times a year without compromising the integrity of the infrastructure and security.
What are best practices to patch PKI servers per role?
What is the impact if one of the servers becomes available after patching? Please, elaborate your answer
Is there a business case or doc that can be used a justification to push back this requirement?
Please, provide as much information as you can per server role and service impact
thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I have recommended this question be closed as follows:
Split:
-- Jeremy Weisinger (https:#a42378812)
-- footech (https:#a42379098)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
Pber
Experts-Exchange Cleanup Volunteer