Federal agencies need to improve their software patch management, according to U.S. General Accounting Office (GAO) report released Wednesday.

A review of 24 agencies showed that they are implementing common practices for effective patch management, including system inventories and infosec training, but aren't consistently performing other practices such as risk assessments and testing all patches before deployment, the report said.

A government-wide centralized patch management service could help agencies implement selected patch management practices, according to the GAO, which serves as the investigative arm of Congress.

The GAO recommended that the director of the Office of Management and Budget provide more refined information on patch management practices and determine the feasibility of providing selected centralized patch management services.