Top Threats

  • 1.  NIST Patch Management -

    Posted Nov 18, 2021 03:03:00 AM
    Hi All,

    The National Cybersecurity Center of Excellence (NCCoE) has released two new draft publications: Special Publication (SP) 1800-31, Improving Enterprise Patching for General IT Systems: Utilizing Existing Tools and Performing Processes in Better Ways, and SP 800-40 Revision 4, Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology.

    Patching is a critical component of preventive maintenance for computing technologies-a cost of doing business, and a necessary part of what organizations need to do in order to achieve their missions. However, keeping software up-to-date with patches remains a problem for most organizations.

    Draft SP 800-40 Revision 4 makes recommendations for creating an enterprise strategy to simplify and operationalize patching while also improving the reduction of risk. Draft SP 800-40 Revision 4 will replace SP 800-40 Revision 3, Guide to Enterprise Patch Management Technologies, which was released in 2013.

    Draft SP 1800-31 describes an example solution that demonstrates how tools can be used to implement the inventory and patching capabilities organizations need for routine and emergency patching situations, as well as implementing workarounds and other alternatives to patching.

    Comments due on or before January 10, 2022
    Draft SP 1800-31 comments: https://www.nccoe.nist.gov/projects/critical-cybersecurity-hygiene-patching-enterprise
    Draft SP 800-40 Revision 4 comments: Email Comments to: [email protected]

    You can also contact us at [email protected].

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------