patch management

The process for identifying, acquiring, installing, and verifying patches for products and systems. Patches correct security and functionality problems in software and firmware. From a security perspective, patches are most often of interest because they are mitigating software flaw vulnerabilities; applying patches to eliminate these vulnerabilities significantly reduces the opportunities for exploitation. Also, patches are usually the most effective way to mitigate software flaw vulnerabilities, and are often the only fully effective solution. (SP 800-40 Rev. 3)

Related Projects

Security Content Automation Protocol SCAP
The Security Content Automation Protocol (SCAP) is a synthesis of interoperable specifications...

Security Content Automation Protocol Validation Program SCAPVP
The SCAP Validation Program is designed to test the ability of products to use the features and...

Security Content Automation Protocol Version 2 (SCAP v2) SCAP v2
Security Content Automation Protocol Version 2 (SCAP v2) is a major update to the SCAP 1.x...

Software Identification (SWID) Tagging SWID
Software is vital to our economy and way of life as part of the critical infrastructure for the...

View All Projects

Related Events

Security Content Automation Protocol Version 2 Introductory Teleconference
October 4, 2018
We are pleased to announce that a teleconference introducing the SCAP Version 2 effort has been...

Second Workshop on Enhancing Resilience of the Internet and Communications Ecosystem
February 28, 2018 to March 1, 2018
This workshop will discuss substantive public comments, including open issues) on a draft report...

View All Events

Related News

Improving Enterprise Patching for General IT Sys
September 10, 2020
A preliminary draft of Volume A of SP 1800-31A, "Improving Enterprise Patching for General IT...

NIST Publishes NISTIR 8011 Vol. 4
April 28, 2020
NIST has published Volume 4 of NISTIR 8011: "Automation Support for Security Control Assessments:...

NIST Releases Draft SP 1800-23 for Comment
September 23, 2019
The NCCoE has released Draft SP 1800-23, "Energy Sector Asset Management," for public comment. The...

NIST Released DRAFT Special Publication 800-40 Revision 3
September 5, 2012
NIST announces the public comment release of draft NIST Special Publication (SP) 800-40 Revision...

View All News

Related Publications

Towards Usable Updates for Smart Home Devices
Conference Proceedings
September 17, 2020
Final

Improving Enterprise Patching for General IT Systems: Utilizing Existing Tools and Performing Processes in Better Ways (Preliminary Draft)
SP 1800-31 (Draft)
September 10, 2020
Draft

Energy Sector Asset Management: For Electric Utilities, Oil & Gas Industry
SP 1800-23
May 20, 2020
Final

Automation Support for Security Control Assessments: Software Vulnerability Management
NISTIR 8011 Vol. 4
April 28, 2020
Final

[Project Description] Critical Cybersecurity Hygiene: Patching the Enterprise
White Paper
March 30, 2020
Final

View All Publications

Topics

Security and Privacy
Technologies
Applications
Laws and Regulations
Activities and Products
Sectors

Information Technology Laboratory

Computer Security Resource Center

Computer Security Resource Center

patch management

Topics

Related Topics