Preview and Comment on a New Draft Practice Guide: Improving Enterprise Patching for General IT Systems
The National Cybersecurity Center of Excellence is following an experimental agile process to provide each volume of preliminary draft practice guide, Improving Enterprise Patching for General IT Systems, for public comment as work continues on the implementation of the demonstration and development of other sections of the publication. This guide can benefit anyone who has a stake in protecting his or her organization's data, privacy, and overall operational security.
Addressing Patching Challenges
The NCCoE is writing this guide in collaboration with cybersecurity technology providers to identify actionable approaches that can help organizations improve enterprise patching practices for general information technology (IT) systems. Cybersecurity attacks bring home the dangers of operating computers with unpatched software. We know the risks, however, keeping software up-to-date with patches is an ongoing challenge for many organizations for a host of reasons including timing and balancing security with mission impact and business objectives.
Future volumes of this guide will include both process and tool usage improvements. Once available, the full practice guide can help your organization improve its security and reduce the likelihood of privacy breaches with sensitive personal information by:
We Value Your Insights
We are seeking your feedback on the proposed approach and example solution outlined in Volume A, which discusses how existing tools can be used to implement:
The solution will also demonstrate recommended security practices for patch management systems themselves.
The comment period is open through October 9, 2020. Submit your comments online or send an email to firstname.lastname@example.org.