The Center for Internet Security (CIS) Controls emphasize the importance of keeping systems updated, and Control 7.3 focuses on automating operating system patch management to protect enterprise assets.

This safeguard requires organizations to automate the process of applying updates to operating systems on a regular schedule.

Here’s how to implement this:

• Automated Updates: Use tools like Microsoft Windows Server Update Services (WSUS), Linux package managers, or third-party solutions to automate patch deployment. This minimizes manual effort and ensures consistency.  This is also an area where tools designed for Managed Services Providers known as RMM (Remote Monitoring and Management) that provide management of OS patching.  
• Regular Cadence: Apply patches monthly or more frequently, especially for critical updates addressing known vulnerabilities. Timely updates help close security gaps before they can be exploited.
• Enterprise Assets: This applies to all systems, including servers, workstations, and any other devices running operating systems within your environment.

Why is this important? Outdated operating systems are a common entry point for attackers. Automating patch management reduces the likelihood of missing updates, helping you maintain a secure and compliant environment.

To recap, CIS Control 7.3 ensures your organization leverages automation to keep operating systems up to date, protecting enterprise assets from known vulnerabilities and reducing the risk of exploitation.