Lawmakers on the Senate Armed Forces Committee claim that the Department of Defense is not taking strong enough action against defense contractors in regards to protecting Controlled Unclassified Information (CUI), which is putting all of that data at risk. Given the increasing vulnerability of U.S. systems to cyber threats in recent years, the Committee is concerned about the current regulations and best practices surrounding cybersecurity and data protection.
As a result, we will likely see considerably more pressure coming onto DFARS 252.204-7012 Compliance, which puts cybersecurity safeguards on what the U.S. government calls ‘controlled unclassified information.’ The motivation behind DFARS (Defense Federal Acquisition Regulation Supplement) is the need to protect the confidentiality of this sensitive information (trade secrets, plans, specifications, etc.) that is out in the DoD supply chain.
Smoke testing is a term used to describe the testing process for servers after patches are applied. 
Estimating an average time for patching servers and PCs can be a bit tricky. It can vary from one month to the next, depending upon the number and complexity of the patches released by your software vendors. You must consider all versions of operating systems and have a complete inventory of all your application software to do this job correctly. Our experience has shown that manual patching of systems takes on average of about 1.5 hours each.
This is a basic cost calculator for you to compute your typical monthly cost for patching your servers, PCs, laptops, tablets and associated application software. It also forms the basis for you to begin calculating your Return on Investment for software patching, or for comparison with alternatives to the manual process of patching operating systems and application software—such as Patch Management as a Service, also known as Vulnerability Management as a Service.