CISA orders federal agencies to patch almost 300 security bugs exploited in the wild

The Cybersecurity and Infrastructure Security Agency (CISA) has released its first binding operational directive (BOD) in 2021 that orders federal agencies to resolve nearly 300 vulnerabilities used by cybercriminals in attacks.


The new directive, named "BOD 22-01 Reducing the Significant Risk of Known Exploited Vulnerabilities", applies to both software and hardware in federal information systems, with or without Internet access, including those operated by federal agencies or by third parties on behalf of an agency.


"BIG step forward today in protecting Federal Civilian Networks—Binding Operational Directive (BOD) 22-01 establishes timeframes for mitigation of known exploited vulnerabilities and requires improvements in vulnerability management programs. The BOD applies to federal civilian agencies; however, ALL organizations should adopt this Directive and prioritize mitigating vulnerabilities listed on our public catalog, which are being actively used to exploit public and private organizations," said CISA Director Jen Easterly.


CISA has also published a list of hundreds of exploitable vulnerabilities that expose government IT systems to the risk of cyberattacks if successfully used by hackers.


Currently, the list includes 200 vulnerabilities identified between 2017 and 2020, and 90 vulnerabilities discovered in 2021. CISA regularly updates the list with newly discovered vulnerabilities if they meet the following conditions:

  • The vulnerability has an assigned Common Vulnerabilities and Exposures (CVE) ID.
  • There is reliable evidence that the vulnerability has been actively exploited in the wild.
  • There is a clear remediation action for the vulnerability, such as a vendor-provided update.

"The catalog will list exploited vulnerabilities that carry significant risk to the federal enterprise with the requirement to remediate within 6 mo ..