Critical vendor-supplied security patches must be installed within?


The correct time frame for installing critical vendor-supplied security patches is 1 month. This requirement is aligned with PCI DSS, which dictates that organizations must address vulnerabilities in a timely manner to maintain a secure environment for cardholder data. By installing critical patches within a month, organizations can mitigate significant risks that could arise from unaddressed vulnerabilities.

The rationale for this timeframe is the urgency of responding to potential security threats. Patches often address vulnerabilities that could be exploited by attackers, leading to data breaches or other security incidents. By ensuring that these critical updates are applied within a month, organizations demonstrate a proactive approach to safeguarding their systems against known security flaws.

This prescribed timeline not only helps maintain compliance with PCI DSS but also enhances the organization's overall security posture, ensuring that it remains vigilant in the face of evolving threats.
