U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology

Published

Author(s)

Murugiah Souppaya, Karen Scarfone

Abstract

Enterprise patch management is the process of identifying, prioritizing, acquiring, installing, and verifying the installation of patches, updates, and upgrades throughout an organization. Patching is more important than ever because of the increasing reliance on technology, but there is often a divide between business/mission owners and security/technology management about the value of patching. This publication frames patching as a critical component of preventive maintenance for computing technologies – a cost of doing business, and a necessary part of what organizations need to do in order to achieve their missions. This publication also discusses common factors that affect enterprise patch management and recommends creating an enterprise strategy to simplify and operationalize patching while also improving reduction of risk. Preventive maintenance through enterprise patch management helps prevent compromises, data breaches, operational disruptions, and other adverse events.
Citation
Special Publication (NIST SP) - 800-40r4
Report Number
800-40r4
NIST Pub Series
Special Publication (NIST SP)
Pub Type
NIST Pubs

Download Paper

https://doi.org/10.6028/NIST.SP.800-40r4
Local Download

Keywords

enterprise patch management, patch, risk management, update, upgrade, vulnerability management.
Trustworthy platforms, Information technology and Cybersecurity

Citation

Souppaya, M. and Scarfone, K. (2022), Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-40r4, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934311 (Accessed November 23, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created April 6, 2022, Updated November 29, 2022