India's CERT-In has released a 38-page cybersecurity framework urging organizations to contain exploited internet-facing vulnerabilities within 12 hours, with tiered remediation windows of 1 day for critical external flaws, 3 days for critical internal ones, and 5 days for high-severity issues. The agency cites AI-assisted attacks dramatically compressing exploitation timelines as the driver. Analysts note the 12-hour target is a containment goal for narrow high-value assets, not a blanket patch mandate, and that the real challenge lies in operational maturity — asset visibility, automated prioritization, and cross-functional response. The framework pushes organizations from periodic vulnerability management toward continuous exposure management, including compensating controls like isolation and WAF protections when patching isn't immediately feasible. Analysts suggest this tiered, asset-category-based approach could preview future global vulnerability management standards.

From csoonline.com