Recent attacks on computer systems have intensified the need for relevant, timely information about the attacks and how to prevent them. The Computer Security Division at NIST's Information Technology Laboratory has created a searchable index containing 700 of the most important publicly known computer security vulnerabilities. This index, called ICAT (pronounced eye-cat), helps the user to search for specific vulnerabilities and identify those vulnerabilities that are applicable to their organizations. ICAT provides a summary of selected vulnerabilities and links to patch information that is specific to each vulnerability. ICAT is available at: http://csrc.nist.gov/icat. Organizations are advised to use a tool such as ICAT to find and fix the vulnerabilities in their networks. ICAT enables systems administrators to find patches for a particular system, but it does not provide a general methodology for applying patches in an organization. This ITL Bulletin presents such guidance. ICAT will be most effective when applied using the suggested methodology.