NIST SPECIAL PUBLICATION 1800-31
Improving Enterprise Patching
for General IT Systems:
Utilizing Existing Tools and Performing Processes in Better Ways
Includes Executive Summary (A); Security Risks and Capabilities (B); and How-To Guides (C)
Tyler Diamond*
Alper Kerman
Murugiah Souppaya
Kevin Stine
Brian Johnson
Chris Peloquin
Vanessa Ruffin
Mark Simos
Sean Sweeney
Karen Scarfone
*Former employee; all work for this publication was done while at employer
FINAL
April 2022
This publication is available free of charge from
https://doi.org/10.6028/NIST.SP.1800-31
The draft publication is available free of charge from
https://www.nccoe.nist.gov/publications/practice-guide/nist-sp-1800-31-improving-enterprise-patching-general-it-systems-draft
NIST SPECIAL PUBLICATION 1800-31
Improving Enterprise Patching for General IT Systems: Utilizing
Existing Tools and Performing Processes in Better Ways
Includes Executive Summary (A); Security Risks and Capabilities (B); and How-To Guides (C)
Tyler Diamond*
Alper Kerman
Murugiah Souppaya
Kevin Stine
National Cybersecurity Center of Excellence
Information Technology Laboratory
Brian Johnson
Chris Peloquin
Vanessa Ruffin
The MITRE Corporation
McLean, VA
Mark Simos
Sean Sweeney
Microsoft
Redmond, WA
Karen Scarfone
Scarfone Cybersecurity
Clifton, Virginia
*Former employee; all work for this publication was done while at employer
April 2022
U.S. Department of Commerce
Gina M. Raimondo, Secretary
National Institute of Standards and Technology
James K. Olthoff, Performing the non-exclusive functions and duties of the Under Secretary of Commerce
for Standards and Technology & Director, National Institute of Standards and Technology
FINAL
NIST SPECIAL PUBLICATION 1800-31A
Improving Enterprise Patching
for General IT Systems:
Utilizing Existing Tools and Performing Processes in
Better Ways
Volume A:
Executive Summary
Alper Kerman
Murugiah Souppaya
Kevin Stine
National Cybersecurity Center of Excellence
Information Technology Laboratory
Mark Simos
Sean Sweeney
Microsoft
Redmond, Washington
Karen Scarfone
Scarfone Cybersecurity
Clifton, Virginia
FINAL
April 2022
NIST SP 1800-31A: Improving Enterprise Patching for General IT Systems
Executive Summary
For decades, cybersecurity attacks have highlighted the dangers of having computers with unpatched
software. Even with widespread awareness of these dangers, however, keeping software up-to-date
with patches remains a problem. Deciding how, when, and what to patch can be difficult for any
organization. Each organization must balance security with mission impact and business objectives by
using a risk-based methodology. To address these challenges, the NCCoE has collaborated with
cybersecurity technology providers to explore approaches for improving enterprise patching practices
for general information technology (IT) systems. These practices are intended to help your organization
improve its security and reduce the likelihood of data breaches with sensitive personal information and
other successful compromises. The practices can also play an important role as your organization
embarks on a journey to zero trust.
CHALLENGE
There are a few root causes for many data breaches, malware infections, ransomware attacks, and other
security incidents, and known—but unpatched—vulnerabilities in software are one of them.
Implementing a few security hygiene practices, such as patching operating systems, applications, and
firmware, can prevent many incidents from occurring, lower the potential impact of incidents that do
o
This document was uploaded and shared by 思安 on 2022-12-05 09:19:05.