NIST defines patch management as the systematic notification, identification, deployment, installation, and verification of operating system and application software code revisions. These revisions are known as patches, hot fixes, and service packs. (Source)

Organizations should identify systems that are affected by announced software and firmware flaws, including potential vulnerabilities resulting from those flaws. Security-relevant updates include, for example, patches, service packs, hot fixes, and anti-virus signatures. Organizations should also address flaws discovered during security assessments, continuous monitoring, incident response activities, and system error handling. Organizations can take advantage of available resources such as the Common Weakness Enumeration (CWE) or Common Vulnerabilities and Exposures (CVE) databases in remediating flaws discovered in organizational systems. (Source)