CISA Orders Federal Agencies to Patch Flaws

The United States Cybersecurity and Infrastructure Security Agency (CISA) today issued an order requiring most federal agencies to patch hundreds of known cybersecurity vulnerabilities that it says are being “actively exploited by adversaries.”

Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, establishes a CISA-managed public catalog of known exploited vulnerabilities and gives federal civilian agencies a specific timeframe within which they must remediate such vulnerabilities.

The directive applies to all hardware and software located on federal information systems, including resources that are managed on agency premises or hosted by third parties for an agency.

BOD 22-01 marks CISA’s first government-wide requirement to remediate flaws impacting both internet-facing and non-internet-facing assets. 

CISA urged private businesses and state, local, tribal, and territorial (SLTT) governments to give precedence to remediating vulnerabilities listed in CISA’s catalog.

“As the operational lead for federal cybersecurity, we are using our directive authority to drive cybersecurity efforts toward mitigation of those specific vulnerabilities that we know to be actively used by malicious cyber actors,” said CISA director Jen Easterly. 

She continued: “The Directive lays out clear requirements for federal civilian agencies to take immediate action to improve their vulnerability
