H-ISAC TLP White CISA Issues BOD 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities

November 4, 2021

 

The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, which establishes specific timeframes for federal civilian agencies to remediate vulnerabilities that are being actively exploited by known adversaries.

CISA recommends that all organizations prioritize mitigating the vulnerabilities listed in its public catalog, which are actively being used to exploit public and private organizations. The catalog lists hundreds of exploited security vulnerabilities that expose systems to risk if successfully abused by threat actors. CISA and the Health-ISAC Threat Operations Center (TOC) strongly recommend that private member organizations prioritize mitigation of the vulnerabilities listed in CISA’s BOD 22-01 catalog and review the accompanying fact sheet, which can be accessed here.

 

Sources

DHS: Binding Operational Directive 22-01

CISA: Known Exploited Vulnerabilities Catalog

CISA: Reducing the Significant Risk of Known Exploited Vulnerabilities

Alert ID caf43cd9

 

Tags

DHS-CISA, DHS (Department of Homeland Security), CISA Advisory, DHS, CISA

TLP:WHITE

Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.

CISA

CISA is the Nation’s risk advisor, working with partners to defend against today’s threats and collaborating to build more secure and resilient infrastructure for the future.

Access the Health-ISAC Intelligence Portal

Enhance your personalized information-sharing community with improved threat visibility, alert notifications, and incident sharing in a trusted environment delivered to you via email and mobile apps. Contact membership@h-isac.org for access to Cyware.

For Questions or Comments

Please email us at toc@h-isac.org

View the entire report below.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

Senior Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272