Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-40 Rev. 3

Guide to Enterprise Patch Management Technologies

Date Published: July 2013

Supersedes: SP 800-40 Version 2 (11/16/2005)


Murugiah Souppaya (NIST), Karen Scarfone (Scarfone Cybersecurity)



patch management; remediation; software patches; information security; vulnerability management
Control Families

Configuration Management; Incident Response; Maintenance; Risk Assessment; System and Information Integrity


Download URL

Supplemental Material:
Press Release

Document History:
07/22/13: SP 800-40 Rev. 3 (Final)