Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-40 Rev. 4

Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology

Date Published: April 2022

Supersedes: SP 800-40 Rev. 3 (07/22/2013)

Author(s)

Murugiah Souppaya (NIST), Karen Scarfone (Scarfone Cybersecurity)

Abstract

Keywords

enterprise patch management; patch; risk management; update; upgrade; vulnerability management
Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.SP.800-40r4
Download URL

Supplemental Material:
None available

Document History:
11/17/21: SP 800-40 Rev. 4 (Draft)
04/06/22: SP 800-40 Rev. 4 (Final)

Topics

Security and Privacy

patch management, vulnerability management

Technologies

software & firmware

Applications

enterprise

Laws and Regulations

Executive Order 14028