GAO report: U.S. agencies need better patch management

Federal agencies need to improve their software patch management, according to U.S. General Accounting Office (GAO) report released Wednesday.

A review of 24 agencies showed that they are implementing common practices for effective patch management, including system inventories and infosec training, but aren't consistently performing other practices such as risk assessments and testing all patches before deployment, the report said.

A government-wide centralized patch management service could help agencies implement selected patch management practices, according to the GAO, which serves as the investigative arm of Congress.

The GAO recommended that the director of the Office of Management and Budget provide more refined information on patch management practices and determine the feasibility of providing selected centralized patch management services.


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.