...
Table 2-1: Requirements for Vulnerability Remediation for External ApplicationApplications
In respect of internal applications, the following requirements define the point of time until a vulnerability MUST be remediated if possible or at least its exploitability prevented:
...