The National Institute of Standards and Technology has published two new documents underscoring the necessity of timely patching to ensure organizations continue to have a strengthened cybersecurity posture.
The National Cybersecurity Center of Excellence said Wednesday one final publication, “Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology”, recommends creating and implementing a strategy for simplifying and running patches and lessening risks related to doing computer preventive maintenance efforts.
The mentioned NIST Special Publication 800-40 Revision 4 is meant for organization leadership, business owners and security or technology management groups. The guide was initially released in 2013.
Another final publication is NIST SP 1800-31 titled “Improving Enterprise Patching for General IT Systems: Utilizing Existing Tools and Performing Processes in Better Ways”. It offers more information on how to enhance the use of patching capabilities, building upon the SP 800-40 Revisions 3 and 4 work.
In addition, the release tackles patching situations where commercial tools were used for routine and emergency maintenance, as well as presents temporary patching alternatives.