Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology
Murugiah Souppaya, Karen Scarfone
Enterprise patch management is the process of identifying, prioritizing, acquiring, installing, and verifying the installation of patches, updates, and upgrades throughout an organization. Patching is more important than ever because of the increasing reliance on technology, but there is often a divide between business/mission owners and security/technology management about the value of patching. This publication frames patching as a critical component of preventive maintenance for computing technologies – a cost of doing business, and a necessary part of what organizations need to do in order to achieve their missions. This publication also discusses common factors that affect enterprise patch management and recommends creating an enterprise strategy to simplify and operationalize patching while also improving reduction of risk. Preventive maintenance through enterprise patch management helps prevent compromises, data breaches, operational disruptions, and other adverse events.
and Scarfone, K.
Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-40r4, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934311
(Accessed September 25, 2023)