CISA Orders Agencies to Urgently Fix Hundreds of Hacker Exploited Vulnerabilities

Brother

Federal agencies have 60 days to review and update their internal cybersecurity programs.

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued its first binding operational directive (BOD) of the year, directing federal civilian agencies to promptly fix vulnerabilities that are being exploited in attacks.

The new directive, BOD 22-01 "Reducing the Significant Risk of Known Exploited Vulnerabilities", applies to both software and hardware in federal information systems, with or without Internet access, including systems operated by federal agencies or by third parties on behalf of an agency.

“This is a big step forward in protecting federal civilian networks. Binding Operational Directive (BOD) 22-01 sets a time frame to address known exploitable vulnerabilities,” said Jen Easterly, CISA Director.

CISA has published a catalog of hundreds of known exploited vulnerabilities that put government systems at significant risk if attackers exploit them successfully.

The list currently includes 200 vulnerabilities identified between 2017 and 2020 and 90 vulnerabilities discovered in 2021. CISA will regularly update the list with newly discovered vulnerabilities that meet the following conditions:
  • The vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) identifier.
  • There is reliable evidence that it has been actively exploited in cyberattacks.
  • There is a clear remediation action, such as a vendor-provided update.
CISA has ordered federal agencies to review and update their internal cybersecurity programs within 60 days of the directive's publication. Agencies must also submit quarterly reports on vulnerability remediation status through CyberScope or the CDM Federal Dashboard.
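As an added example (not part of the original post, and not CISA's own tooling), here is a small Python triage that checks a scanner inventory against a catalog excerpt and buckets each finding by its BOD 22-01 due date, which is the data an agency needs for its quarterly status report. The JSON field names (cveID, vendorProject, product, dateAdded, dueDate) follow the layout of CISA's published catalog feed; the CVE ids, hostnames and dates are constructed samples.

```python
from datetime import date
import json

# Constructed excerpt in the catalog's JSON layout; CVE ids, vendors,
# products and dates are made-up sample values, not real catalog entries.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor", "product": "ExampleVPN",
     "dateAdded": "2021-11-03", "dueDate": "2021-11-17"},
    {"cveID": "CVE-0000-0002", "vendorProject": "ExampleVendor", "product": "ExampleMail",
     "dateAdded": "2021-11-03", "dueDate": "2022-05-03"},
    {"cveID": "CVE-0000-0003", "vendorProject": "OtherVendor", "product": "OtherAgent",
     "dateAdded": "2021-11-03", "dueDate": "2022-05-03"},
]})

# Constructed inventory: CVE id -> hostnames where a scanner found it.
INVENTORY_SAMPLE = {
    "CVE-0000-0001": {"vpn-gw-2", "vpn-gw-1"},
    "CVE-0000-0002": {"mail-01"},
    "CVE-0000-9999": {"ws-07"},  # not in the catalog: no BOD 22-01 deadline
}


def load_kev(raw: str) -> dict:
    """Index catalog entries by CVE id, parsing dueDate into a date object."""
    entries = json.loads(raw)["vulnerabilities"]
    return {e["cveID"]: {**e, "due": date.fromisoformat(e["dueDate"])} for e in entries}


def triage(kev: dict, inventory: dict, today: date, warn_days: int = 14) -> dict:
    """Bucket findings by catalog deadline: overdue, due_soon, on_track, not_in_kev.
    Catalog buckets hold (cve, product, dueDate, sorted hosts); not_in_kev holds ids."""
    report = {"overdue": [], "due_soon": [], "on_track": [], "not_in_kev": []}
    for cve, hosts in sorted(inventory.items()):
        entry = kev.get(cve)
        if entry is None:
            report["not_in_kev"].append(cve)
            continue
        days_left = (entry["due"] - today).days
        bucket = "overdue" if days_left < 0 else "due_soon" if days_left <= warn_days else "on_track"
        report[bucket].append((cve, entry["product"], entry["dueDate"], sorted(hosts)))
    return report


def demo_report() -> dict:
    """Run the triage on the constructed samples as of a fixed date (2021-12-01)."""
    return triage(load_kev(KEV_SAMPLE), INVENTORY_SAMPLE, date(2021, 12, 1))


if __name__ == "__main__":
    for bucket, items in demo_report().items():
        print(bucket, items)
```

Findings in the not_in_kev bucket still need patching under the agency's normal vulnerability-management process; they simply carry no directive deadline.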