Accession Number : AD1040604


Title : Assessing the Army's Software Patch Management Process


Descriptive Note : Technical Report, 27 Jul 2015, 04 Mar 2016


Corporate Author : Defense Acquisition University Aberdeen Proving Ground United States


Personal Author(s) : Pryor, Benjamin A


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/1040604.pdf


Report Date : 04 Mar 2016


Pagination or Media Count : 73


Abstract : With the proliferation of information systems in the Department of Defense's inventory along with the rise of third-party software vulnerabilities, software patch management has become a key focus for the Department of Defense Cyber Command. The implementation of a software patch management plan is the first line of defense to protect the network from exploitation from cyberattacks. Three organizations are responsible for testing, integrating, and distributing software patches to the end-users: program management offices, the U.S. Army Software Engineering Command, and the Sustainment Automation Support Management Office (SASMO). With the increasing rate of third-party software releases, the challenge facing the SASMO community is how to install these third-party software patches in the most expeditious and cost-effective manner. Nearly 15 years since the enactment of the Federal Information Security Management Act of 2002 as Public Law No. 107-347, many Federal agencies continue to report deficiencies in managing software patches within their systems. This study provides an overview of the software patch management process, an analysis of the reasons for the deficiencies in patch management, and some recommendations to assist the SASMO community to implement software patch management across the enterprise.


Descriptors : test and evaluation, SYSTEM SOFTWARE, computer network security, CYBERATTACKS, department of defense, army, operating systems, configuration management, computer programs, information systems, computers


Subject Categories : Computer Systems Management and Standards
      Computer Programming and Software


Distribution Statement : APPROVED FOR PUBLIC RELEASE