Patch Management Services



RSI Security's Patch Availability Service provides a comprehensive report of all needed hardware, software, and firmware security patches to support our client’s compliance obligations under their respective regulatory body’s requirements.

We will work with our client’s staff on a consistent basis, ensuring responsiveness and expertise on our client’s requests for their individual patch availability report. RSI Security will review our client’s Master Asset List and provide documentation and patches.

Patch management is a necessary but labor- and time-intensive process that can consume significant technical resources. Let RSI Security monitor the hundreds of third-party software and hardware vendor websites for released patches and provide documentation and installation support for your business.

Identification of Cyber Assets


Implement a Patch Management Program


Deployment of Patches


Compliance Reporting Service


Schedule A

Patch Availability Recommendations Specific to Industry:



To protect Bulk Electric System (BES) Cyber Assets or Systems, NERC mandates a unified patch management process for tracking, evaluating, and installing security patches for applicable Cyber Assets. Under its Reliability Standard documentation, NERC requires entities to identify sources that track the release of security patches for the entity’s NERC CIP regulated systems.

NERC CIP compliance obligations fall under NERC CIP-007-6 R2 Part 2.1 and portions of NERC CIP-007-6 R2 Part 2.2. We will deliver, no less than once every thirty-five (35) days, a report detailing available patches and update notifications for our client’s systems.

Source: NERC CIP-007-6 Cyber Security - Systems Security Management, Pg 11



PCI DSS Requirement 6.2

Organizations are required to establish a process to address newly discovered security vulnerabilities, shifting from reactive remediation to proactive identification and patch installations based on active monitoring.

This requirement applies to applicable patches for all installed software, including payment applications (both those that are PA-DSS validated and those that are not).

  • Installation of applicable critical vendor-supplied security patches within one month of release
  • Installation of all applicable vendor-supplied security patches within three months

Source: PCI DSS 3.2, Pg 54



NIST Patch Management Recommendations

"Patches correct security and functionality problems in software and firmware, and are usually the most effective way to mitigate software flaw vulnerabilities, and are often the only fully effective solution. Upgrades may also fix security and functionality problems in previous versions of software and firmware.

Organizations should deploy enterprise patch management tools using a phased approach. Manual upgrade methods may need to be used for operating systems and applications not supported by automated patching tools, as well as some computers with unusual configurations."

Source: NIST Special Publication 800-40, Revision 3



FINRA Patch Management Recommendations

Patches and software updates are areas in which a firm may add or make changes to its controls to reduce cyber threat exposure.

Firms expect vendors to have system patch management controls in place, depending on the risk level of the information to which the vendor has access.

Source: FINRA Report on Cybersecurity Practices, Feb 2015



HIPAA Security Management Practices

Systems should be kept current with software upgrades (patches) that correct security deficiencies or enhance the capability to prevent unauthorized access. Users should subscribe to all available software upgrade services and install new security patches as they become available.


Whether you choose a stand-alone service or our all-inclusive services, our experts can help you comply with multiple industry standards.

