P.5 Manage vulnerable components and containers

Develop and implement a strategy for patching/upgrading components and containers to the latest secure version.

Controls

P.5.1 SBOM consumption

Utilize SBOM information to react to security incidents and to identify which components need to be updated or patched.

P.5.2 Dependency update

Update vulnerable dependencies when a fixed version is available.
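
Added example (not part of the original control text): one way to apply P.5.1 and P.5.2 together, by matching the components in a CycloneDX-style JSON SBOM against an advisory feed and listing which need an update. The SBOM contents, package names, advisory IDs and the simplified advisory schema are constructed for illustration, and versions are assumed to be purely numeric and dotted.

```python
import json

# Constructed CycloneDX-style SBOM; package names are made up.
SBOM_JSON = """
{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"type": "library", "name": "examplelib", "version": "1.4.2",
   "purl": "pkg:pypi/examplelib@1.4.2"},
  {"type": "library", "name": "demo-parser", "version": "2.10.0",
   "purl": "pkg:npm/demo-parser@2.10.0"},
  {"type": "container", "name": "example/base-image", "version": "3.1"}
]}
"""

# Constructed advisory feed in a simplified, hypothetical schema:
# versions >= introduced and < fixed are affected; fixed=None means no fix yet.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-1", "package": "pkg:pypi/examplelib", "introduced": "1.0.0", "fixed": "1.4.10"},
    {"id": "EXAMPLE-ADV-2", "package": "pkg:npm/demo-parser", "introduced": "2.0.0", "fixed": "2.9.0"},
    {"id": "EXAMPLE-ADV-3", "package": "pkg:pypi/examplelib", "introduced": "1.4.0", "fixed": None},
]

def vkey(version):
    """Numeric sort key so 1.4.10 > 1.4.2 and 2.10.0 > 2.9.0 (string order gets both wrong)."""
    parts = [int(p) for p in version.split(".")]
    return tuple((parts + [0, 0, 0, 0])[:4])  # pad so "3.1" equals "3.1.0"

def purl_base(purl):
    """Strip subpath, qualifiers and version from a package URL."""
    return purl.split("#")[0].split("?")[0].rsplit("@", 1)[0]

def triage(sbom, advisories):
    """Return (update, no_fix, untracked): P.5.2 actions, open risks, SBOM gaps."""
    update, no_fix, untracked = [], [], []
    for comp in sbom.get("components", []):
        if "purl" not in comp:
            untracked.append(comp["name"])  # cannot be matched to any advisory
            continue
        v = vkey(comp["version"])
        for adv in advisories:
            if adv["package"] != purl_base(comp["purl"]) or v < vkey(adv["introduced"]):
                continue
            if adv["fixed"] is None:
                no_fix.append((comp["name"], adv["id"]))
            elif v < vkey(adv["fixed"]):
                update.append((comp["name"], comp["version"], adv["fixed"], adv["id"]))
    return update, no_fix, untracked

if __name__ == "__main__":
    print(triage(json.loads(SBOM_JSON), ADVISORIES))
```

Components without a package URL are reported separately because they cannot be checked against advisories at all, which is itself a finding during an incident.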