Procedures for Handling Security Patches

Published

Author(s)

Peter M. Mell, Miles C. Tracy

Abstract

[Superseded by SP 800-40 Version 2.0 (November 2005): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=150402]

Timely patching is critical to maintain the operational availability, confidentiality, and integrity of IT systems. However, failure to keep operating system and application software patched is the most common mistake made by information technology (IT) professionals. To help address this growing problem, this special publication recommends methods to help organizations have an explicit and documented patching and vulnerability policy and a systematic, accountable, and documented process for handling patches. This document also covers areas such as prioritizing patches, obtaining patches, testing patches, and applying patches.

Citation
Special Publication (NIST SP) - 800-40
Report Number
800-40

Keywords

computer security, security patches, vulnerability management

Citation

Mell, P. and Tracy, M. (2002), Procedures for Handling Security Patches, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD (Accessed October 31, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created August 1, 2002, Updated May 4, 2021