Date Published: July 2013
Supersedes: SP 800-40 Version 2.0 (November 2005)
Author(s)
Murugiah Souppaya (NIST), Karen Scarfone (Scarfone Cybersecurity)
Patch management is the process for identifying, acquiring, installing, and verifying patches for products and systems. This publication is designed to assist organizations in understanding the basics of enterprise patch management technologies. It explains the importance of patch management and examines the challenges inherent in performing patch management. It provides an overview of enterprise patch management technologies and it also briefly discusses metrics for measuring the technologies’ effectiveness. Draft NIST SP 800-40 Revision 3 replaces the previous release (version 2), which was published in 2005.
Keywords
information security; patch management; remediation; software patches; vulnerability management
Control Families
Configuration Management;
Incident Response;
Maintenance;
Risk Assessment;
System and Information Integrity;