NIST - SP 800-40 (version 2), Creating a Patch and Vulnerability Program
18.11.2005
SP 800-40 is an updated version of the publication originally published in August 2003. IT provides guidance on creating a security patch and vulnerability remediation program and testing the effectiveness of that program. It describes the principles and methodologies that organizations can use to manage exposure to vulnerabilities through the timely deployment of patches. Although the primary emphasis is on designing and implementing a patch and vulnerability management program, the document also contains guidance for technical staff responsible for applying patches, deploying patch and vulnerability management solutions, and disseminating related information.