Guide to Enterprise Patch Management Technologies



Murugiah P. Souppaya, Karen Scarfone


Patch management is the process for identifying, acquiring, installing, and verifying patches for products and systems. Patches correct security and functionality problems in software and firmware. There are several challenges that complicate patch management. If organizations do not overcome these challenges, they will be unable to patch systems effectively and efficiently, leading to easily preventable compromises. This publication is designed to assist organizations in understanding the basics of enterprise patch management technologies. It explains the importance of patch management and examines the challenges inherent in performing patch management. It provides an overview of enterprise patch management technologies and it also briefly discusses metrics for measuring the technologies' effectiveness and for comparing the relative importance of patches. [Supersedes SP 800-40 Version 2.0 (November 2005): search.cfm?pub_id=150402]
Special Publication (NIST SP) - 800-40 Rev 3
Report Number: 800-40 Rev 3


Keywords: information security, patch management, remediation, software patches, vulnerability management
Created July 22, 2013, Updated May 24, 2020