CISA issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities to evolve the approach to vulnerability management and keeping pace with threat activity. The directive establishes a CISA managed catalog of known exploited vulnerabilities and requires federal civilian agencies to identify and remediate these vulnerabilities on their information systems.
Although BOD 22-01 requires action from federal civilian agencies only, CISA strongly recommends that private businesses and state, local, tribal, and territorial (SLTT) governments review and monitor the catalog and remediate the listed vulnerabilities to strengthen their security and resilience posture.
Building collective resilience requires action across all stakeholders.
Full report: https://cisa.gov/known-exploited-vulnerabilities
Comments