Procedures for Handling Security Patches



Peter M. Mell, Miles C. Tracy


[Superseded by SP 800-40 Version 2.0 (November 2005):] Timely patching is critical to maintain the operational availability, confidentiality, and integrity of IT systems. However, failure to keep operating system and application software patched is the most common mistake made by information technology (IT) professionals. To help address this growing problem, this special publication recommends methods to help organizations have an explicit and documented patching and vulnerability policy and a systematic, accountable, and documented process for handling patches. This document also covers areas such as prioritizing patches, obtaining patches, testing patches, and applying patches.
Special Publication (NIST SP) - 800-40
Report Number


computer security, security patches, vulnerability management


Mell, P. and Tracy, M. (2002), Procedures for Handling Security Patches, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD (Accessed February 25, 2024)
Created August 1, 2002, Updated May 4, 2021