U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Guide to Enterprise Patch Management Technologies

Published

Author(s)

Murugiah P. Souppaya, Karen Scarfone

Abstract

Patch management is the process for identifying, acquiring, installing, and verifying patches for products and systems. Patches correct security and functionality problems in software and firmware. There are several challenges that complicate patch management. If organizations do not overcome these challenges, they will be unable to patch systems effectively and efficiently, leading to easily preventable compromises. This publication is designed to assist organizations in understanding the basics of enterprise patch management technologies. It explains the importance of patch management and examines the challenges inherent in performing patch management. It provides an overview of enterprise patch management technologies and it also briefly discusses metrics for measuring the technologies' effectiveness and for comparing the relative importance of patches. [Supersedes SP 800-40 Version 2.0 (November 2005): http://www.nist.gov/manuscript-publication- search.cfm?pub_id=150402]
Citation
Special Publication (NIST SP) - 800-40 Rev 3
Report Number
800-40 Rev 3
NIST Pub Series
Special Publication (NIST SP)
Pub Type
NIST Pubs
Supercedes Publication
Creating a Patch and Vulnerability Management Program

Download Paper

DOI Link

Keywords

information security, patch management, remediation, software patches, vulnerability management
Cybersecurity

Citation

Souppaya, M. and Scarfone, K. (2013), Guide to Enterprise Patch Management Technologies, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-40r3 (Accessed November 20, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created July 22, 2013, Updated May 4, 2021