CISA issues binding operational directive requiring agencies to patch known vulnerabilities on federal networks

The Cybersecurity and Infrastructure Security Agency has issued a sweeping binding operational directive ordering agencies to patch “critical” and “highly severe” vulnerabilities, using a new “living” catalog developed by CISA for “known exploited vulnerabilities that carry significant risk.”

“The goal of BOD 22-01 is to enable federal agencies, as well as public and private sector organizations, to improve their vulnerability management practices and dramatically reduce their exposure to cyberattacks,” CISA said in a fact sheet outlining the high-level...