A centralised and managed approach that maintains the integrity of patches or updates, and confirms that they have been applied successfully, is used to patch or update applications, operating systems, drivers and firmware.
Topic
Patch management processes and procedures
Applicable to
all
History
Priority
should
Mar 2022
A centralised and managed approach that maintains the integrity of patches or updates, and confirms that they have been applied successfully, is used to patch or update applications, operating systems, drivers and firmware.
Previous iterations of the Essential Eight Maturity Model drew a distinction between how to patch ‘applications and drivers’ and ‘operating systems and firmware’. As such requirements are no longer stipulated in the Essential Eight Maturity Model, the previous six recommendations have been collapsed into one recommendation.
Oct 2019
A centralised and managed approach is used to patch or update applications and drivers.
Security controls 0298 and 1498 were slightly reworded to align with their associated rationale.
Sep 2019
Where possible, a centralised and managed approach is used to patch or update applications and drivers.
2015
Where possible, a centralised and managed approach should be used to patch operatingsystems, applications, drivers and hardware devices.
2010
Agencies should ensure that security patches are applied through a vendor-recommended patchor upgrade process.
2008
Agencies should, when possible, ensure that known ICT security vulnerabilities in products are corrected through a vendor recommended patch or upgrade process.