U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

SP 800-40 Rev. 3

Guide to Enterprise Patch Management Technologies

Date Published: July 2013

Supersedes: SP 800-40 Version 2 (11/16/2005)


Murugiah Souppaya (NIST), Karen Scarfone (Scarfone Cybersecurity)



patch management; remediation; software patches; information security; vulnerability management
Control Families

Configuration Management; Incident Response; Maintenance; Risk Assessment; System and Information Integrity


SP 800-40 Rev. 3 (DOI)
Local Download

Supplemental Material:
Press Release (other)

Document History:
07/22/13: SP 800-40 Rev. 3