U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Project Description (Initial Public Draft)

Critical Cybersecurity Hygiene: Patching the Enterprise

Date Published: August 31, 2018
Comments Due: October 1, 2018 (public comment period is CLOSED)
Email Questions to: cyberhygiene@nist.gov

Author(s)

Murugiah Souppaya (NIST), Kevin Stine (NIST), Mark Simos (Microsoft), Sean Sweeney (Microsoft), Karen Scarfone (Scarfone Cybersecurity)

Announcement

The Critical Cybersecurity Hygiene: Patching the Enterprise project will examine how commercial and open source tools can be used to aid with the most challenging aspects of patching general IT systems, including system characterization and prioritization, patch testing, and patch implementation tracking and verification. These tools will be accompanied by actionable, prescriptive guidance on establishing policies and processes for the entire patching life cycle.

Ultimately, this project will result in a NIST Cybersecurity Practice Guide, a publicly available description of the practical steps needed to implement a cybersecurity reference design that addresses this challenge.

Abstract

Keywords

cyber hygiene; incidents; patching; security hygiene; software updates; vulnerabilities
Control Families

None selected

Documentation

Publication:
Project Description (pdf)

Supplemental Material:
Project homepage

Document History:
08/31/18: Project Description (Draft)
03/30/20: Project Description (Final)

Topics

Security and Privacy

patch management, vulnerability management

Technologies

software & firmware

Sectors

energy