Security

Security Standards and Patching

Centers are responsible for ensuring their sites are patched in a timely manner.

1) Patches are released from Microsoft on the 2nd Tuesday of each month.

2) Patches should be carefully tested in each office’s network to ensure compatibility with the individual environment, hardware, and software. The ePatching team offers Automated Fast Ring testing of Microsoft Patches and many third-party updates. Contact the MECM Support Team for information about participation.

3) Patches should be deployed to your production environment following the schedule below, but this schedule should not get in the way of thorough testing.

| Threat Level | Response Time | Remediation Time |
|--------------|---------------|------------------|
| Critical     | Immediate     | <1 Day           |
| High         | <1 Day        | 3-7 Days         |
| Medium       | 3-7 Days      | 7-14 Days        |
| Low          | 7-30 Days     | 14-30 Days       |

4) Test environments can consist of non-critical servers and workstations in your production environment (that are regularly backed up and can be restored quickly if a patch should make the system unstable) or you may wish to set up a test network that is separate from your production environment.

5) Automate patch management and deployment wherever possible to reduce errors and increase efficiency. Microsoft System Configuration Manager, Group Policy Management, and IBM BigFix provide automated methods for correcting flaws in operating systems on the USGS/DOI Active Directory network.

Detailed Enterprise Patch Management standards can be found at the following link:

USGS/DOI Security Standards
