The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, to address vulnerabilities and establish specific timeframes for federal civilian agencies to remediate vulnerabilities that are being actively exploited by known adversaries.
CISA recommends all organizations prioritize mitigating the vulnerabilities listed on their public catalog, which are actively being used to exploit public and private organizations. The catalog has hundreds of exploited security vulnerabilities that expose systems to risk if successfully abused by threat actors. CISA, and the Health-ISAC Threat Operations Center (TOC), strongly recommend that private member organizations prioritize mitigation of the vulnerabilities listed in CISA’s BOD 22-01 Directive catalog and review the accompanying fact sheet, which can be accessed here.
Sources
View the entire report below.
|