Patch Management Planning and Processes: Updated NIST Guidance - Hexafusion Blog | Hexafusion

Hexafusion Blog

Patch Management Planning and Processes: Updated NIST Guidance

Despite increasing cyber attacks and warnings from cybersecurity experts, patch management remains a dangerous problem for many organizations. With that in mind, the National Cybersecurity Center of Excellence (NCCoE) has released two National Institute of Standards and Technology (NIST) draft publications on enterprise patch management.

Even though patching is generally regarded as necessary to lower cyber risk and meet compliance requirements, it has not always been considered a priority, the NIST wrote in the first document. But, with cyber attacks increasing in number and severity, patching has now risen to mission critical status.

Still, there are a number of hurdles in patch management’s way. For one, business/mission owners may believe that patching negatively affects productivity because of downtime for maintenance, NIST said.

Nonetheless, leadership and business/mission owners should view patching as a “normal and necessary part of reliably achieving the organization’s missions,” the document reads. Leadership, business/mission owners, and security/technology management teams should jointly create an enterprise patch management strategy that “simplifies and operationalizes patching while also improving its reduction of risk,” the NIST said.

As for the second document, its goal is to help organizations “balance security with mission impact and business objectives,” the agency said. The project uses commercially available tools for asset discovery, prioritization, patch implementation tracking and verification and includes guidance for organizations to set policies and processes for the entire patching lifecycle.

The NCCoE is seeking comments on the draft publications by January 10, 2022.

Original author: D. Howard Kass
Customize the Windows 11 experience with these fre...
IKEA Email Cyberattack Involves Phishing, Extends ...


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Monday, 24 January 2022

Captcha Image

By accepting you will be accessing a service provided by a third-party external to

Customer Login

News & Updates

Contact us

Learn more about what Hexafusion can do for your business.

250 - 997 Seymour Street
Vancouver, British Columbia V6B 3M1