This article has been indexed from CSO Online
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a wide-ranging mandate, a Binding Operational Directive (BOD 22-01), for all civilian federal agencies “to drive urgent and prioritized remediation of vulnerabilities that are being actively exploited by adversaries.” The goal of the BOD is to help agencies clarify and focus their remediation efforts in the face of thousands of discovered vulnerabilities – 18,000 in 2020 alone – and prioritize those deemed most dangerous for remediation.
The directive requires the agencies to remediate the vulnerabilities within specified time frames relying on a CISA-managed catalog of known exploited vulnerabilities. CISA says this directive enhances but does not replace BOD 19-02, issued in April 2019 to address remediation requirements for critical and high vulnerabilities on internet-facing federal information systems identified through CISA’s vulnerability scanning service.
Read the original article: CISA releases directive to remediate dangerous vulnerabilities across civilian agencies