Accession Number:



Assessing the Army's Software Patch Management Process

Descriptive Note:

Technical Report,27 Jul 2015,04 Mar 2016

Corporate Author:

Defense Acquisition University Aberdeen Proving Ground United States

Personal Author(s):

Report Date:


Pagination or Media Count:



With the proliferation of information systems in the Department of Defenses inventory along with the rise of third-party software vulnerabilities, software patch management has become a key focus for the Department of Defense Cyber Command. The implementation of a software patch management plan is the first line of defense to protect the network from exploitation from cyberattacks. Three organizations are responsible for testing, integrating, and distributing software patches to the end-users program management offices, the U.S. Army Software Engineering Command, and the Sustainment Automation Support Management Office SASMO. With the increasing rate of third-party software releases, the challenge facing the SASMO community is how to install these third-party software patches in the most expeditious and cost-effective manner. Nearly 15 years since the enactment of the Federal Information Security Management Act of 2002 as Public Law No. 107-347, many Federal agencies continue to report deficiencies in managing software patches within their systems. This study provides an overview of the software patch management process, an analysis of the reasons for the deficiencies in patch management, and some recommendations to assist the SASMO community to implement software patch management across the enterprise.

Subject Categories:

  • Computer Systems Management and Standards
  • Computer Programming and Software

Distribution Statement: