Radack, S.
(2006),
Creating a Program to Manage Security Patches and Vulnerabilities: NIST Recommendations for Improving System Security, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=150612
(Accessed December 4, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Creating a Program to Manage Security Patches and Vulnerabilities: NIST Recommendations for Improving System Security
Published
Author(s)
Abstract
This bulletin provides information for organizational security managers who are responsible for designing and implementing security patch and vulnerability management programs and for testing the effectiveness of the programs in reducing vulnerabilities. The information is also useful to system administrators and operations personnel who are responsible for applying and testing patches and for deploying solutions to vulnerability problems. The bulletin discusses the need for timely patching of software to maintain the operational availability, confidentiality, and integrity of IT systems. It summarizes NIST recommendations for implementing a systematic, accountable, and documented process for managing exposure to vulnerabilities through the timely deployment of patches. References and sources of information on patch and vulnerability management are provided.Citation
ITL Bulletin -
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
Homeland Security, information technology security, patch management, security management, security patches, system administration, vulnerabilities
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created February 15, 2006, Updated May 4, 2021