Assessing the Army's Software Patch Management Process

Abstract

With the proliferation of information systems in the Department of Defense's inventory, along with the rise of third-party software vulnerabilities, software patch management has become a key focus for the Department of Defense Cyber Command. The implementation of a software patch management plan is the first line of defense to protect the network from exploitation by cyberattacks. Three organizations are responsible for testing, integrating, and distributing software patches to end users: program management offices, the U.S. Army Software Engineering Command, and the Sustainment Automation Support Management Office (SASMO). With the increasing rate of third-party software releases, the challenge facing the SASMO community is how to install these third-party software patches in the most expeditious and cost-effective manner. Nearly 15 years after the enactment of the Federal Information Security Management Act of 2002 as Public Law No. 107-347, many Federal agencies continue to report deficiencies in managing software patches within their systems. This study provides an overview of the software patch management process, an analysis of the reasons for the deficiencies in patch management, and some recommendations to help the SASMO community implement software patch management across the enterprise.

Document Details

Document Type: Technical Report
Publication Date: Mar 04, 2016
Accession Number: AD1040604

Entities

People

  • Benjamin A. Pryor

Organizations

  • Defense Acquisition University

Tags

Communities of Interest

  • Cyber
  • Human Systems
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Application Software
  • Business Administration
  • Computer Network Security
  • Computer Programming
  • Computer Programs
  • Computers
  • Configuration Management
  • Cyberattacks
  • Cybersecurity
  • Department Of Defense
  • Governments
  • Information Assurance
  • Information Security
  • Information Systems
  • Operating Systems
  • Test And Evaluation
  • United States

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Defense Acquisition Program Management

Technology Areas

  • Cyber