Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-40 Version 2

Creating a Patch and Vulnerability Management Program

Date Published: November 2005

Supersedes: SP 800-40 (08/01/2002)

Author(s)

Peter Mell (NIST), Tiffany Bergeron (MITRE), David Henning (Hughes Network Systems)

Abstract

Keywords

computer security; security patches; vulnerability management
Control Families

Awareness and Training; Configuration Management; Planning; Risk Assessment

Documentation

Publication:
https://doi.org/10.6028/NIST.SP.800-40ver2
Download URL

Supplemental Material:
None available

Document History:
11/16/05: SP 800-40 Version 2 (Final)

Topics

Security and Privacy

patch management, vulnerability management

Applications

enterprise