Souppaya, M.
and Scarfone, K.
(2022),
Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-40r4, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934311
(Accessed April 19, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology
Published
Author(s)
,
Abstract
Enterprise patch management is the process of identifying, prioritizing, acquiring, installing, and verifying the installation of patches, updates, and upgrades throughout an organization. Patching is more important than ever because of the increasing reliance on technology, but there is often a divide between business/mission owners and security/technology management about the value of patching. This publication frames patching as a critical component of preventive maintenance for computing technologies – a cost of doing business, and a necessary part of what organizations need to do in order to achieve their missions. This publication also discusses common factors that affect enterprise patch management and recommends creating an enterprise strategy to simplify and operationalize patching while also improving reduction of risk. Preventive maintenance through enterprise patch management helps prevent compromises, data breaches, operational disruptions, and other adverse events.Citation
Special Publication (NIST SP) - 800-40r4
Report Number
800-40r4
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
enterprise patch management, patch, risk management, update, upgrade, vulnerability management.
Citation
Created April 6, 2022, Updated November 29, 2022