Mell, P.
and Tracy, M.
(2002),
Procedures for Handling Security Patches, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD
(Accessed December 17, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Procedures for Handling Security Patches
Published
Author(s)
, Miles C. Tracy
Abstract
[Superseded by SP 800-40 Version 2.0 (November 2005): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=150402] Timely patching is critical to maintain the operational availability, confidentiality, and integrity of IT systems. However, failure to keep operating system and application software patched is the most common mistake made by information technology (IT) professionals. To help address this growing problem, this special publication recommends methods to help organizations have an explicit and documented patching and vulnerability policy and a systematic, accountable, and documented process for handling patches. This document also covers areas such as prioritizing patches, obtaining patches, testing patches, and applying patches.Citation
Special Publication (NIST SP) - 800-40
Report Number
800-40
NIST Pub Series
Pub Type
NIST Pubs
Superceded By Publication
Keywords
computer security, security patches, vulnerability management
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.
Created August 1, 2002, Updated May 4, 2021