thePCI Portal

Critical Cybersecurity Hygiene project “Patching the Enterprise”

What is the Critical Cybersecurity Hygiene project “Patching the Enterprise”?

The objective of this project is to demonstrate a proposed approach for improving enterprise patching practices for general IT systems. Commercial and open source tools will be used to aid with the most challenging aspects of patching, including system characterization and prioritization, patch testing, and patch implementation tracking and verification. These tools will be accompanied by actionable, prescriptive guidance on establishing policies and processes for the entire patching life cycle, in the form of a freely available NIST Cybersecurity Practice Guide.

Project description available here.

Whats going to happen?

Eventually there will be Best Patch Management Practices in a NIST Special Publication 1800 practice guide.

October 11, 2019: Microsoft and NIST invite technology vendors interested in providing products and technical expertise to collaborate on the reference design.  See here for more info on how to participate.

Ad below this line:

Leave a Reply

Your email address will not be published. Required fields are marked *