Creating a Program to Manage Security Patches and Vulnerabilities: NIST Recommendations for Improving System Security

This bulletin provides information for organizational security managers who are responsible for designing and implementing security patch and vulnerability management programs and for testing the effectiveness of the programs in reducing vulnerabilities. The information is also useful to system... See full abstract

This bulletin provides information for organizational security managers who are responsible for designing and implementing security patch and vulnerability management programs and for testing the effectiveness of the programs in reducing vulnerabilities. The information is also useful to system administrators and operations personnel who are responsible for applying and testing patches and for deploying solutions to vulnerability problems. The bulletin discusses the need for timely patching of software to maintain the operational availability, confidentiality, and integrity of IT systems. It summarizes NIST recommendations for implementing a systematic, accountable, and documented process for managing exposure to vulnerabilities through the timely deployment of patches. References and sources of information on patch and vulnerability management are provided.
Hide full abstract