Cumulative Security Updates

I have a group of systems running red hat 6.4 and 6.8 that have not been patched whatsoever since the os was installed. These systems are all on a disconnected network. I know how to configure a repository and install the rpms, however, is there a way to download all security updates at once? I guess i am also unsure of how security patches work with RHEL. If i download the binary iso for 6.9 and run yum --security update, will that retrieve the most current mitigations for RHEL 6 systems? Lastly, I have read the summary about backporting and i still do not understand how it applies.