Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Procedures for Handling Security Patches



Peter M. Mell, Miles C. Tracy


[Superseded by SP 800-40 Version 2.0 (November 2005):] Timely patching is critical to maintain the operational availability, confidentiality, and integrity of IT systems. However, failure to keep operating system and application software patched is the most common mistake made by information technology (IT) professionals. To help address this growing problem, this special publication recommends methods to help organizations have an explicit and documented patching and vulnerability policy and a systematic, accountable, and documented process for handling patches. This document also covers areas such as prioritizing patches, obtaining patches, testing patches, and applying patches.
Special Publication (NIST SP) - 800-40
Report Number


computer security, security patches, vulnerability management
Created August 1, 2002, Updated February 19, 2017