The purpose of this standard is to provide requirements to Ohio Department of Administrative Services (DAS) technical teams that will allow for the consistent remediation of known security vulnerabilities across DAS-managed information systems and DAS-managed system assets. This standard identifies the security vulnerability severity rating methodology and establishes the maximum timeframes for vulnerability remediation.