Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, that addresses the remediation of vulnerabilities that are being actively exploited by adversaries. CISA has established a public catalog of exploited vulnerabilities that carry significant risk to the federal enterprise, available at https://cisa.gov/known-exploited-vulnerabilities. This catalog will be updated regularly as new exploited vulnerabilities are identified.
CISA recognizes that prioritization of vulnerabilities is a challenge for all organizations. By emphasizing remediation of vulnerabilities that are being actively used by adversaries, public and private organizations can significantly drive down the risk of a damaging compromise. We encourage all organization to prioritize remediation of vulnerabilities listed on CISA’s catalog and to sign up for notifications when new vulnerabilities are added.
To assist public and private sector partners, CISA invites you to a cross-sector stakeholder call:
Meeting Date: Friday, Nov 5, 2021
Meeting Time: 2:00pm – 2:30pm EST
Audience: Cross-Sector stakeholders
Dial-in information: 1-415-228-4585 (Toll Free # 800-857-6546) Access code: 2170340
Thank you for sharing this information broadly.
Cybersecurity and Infrastructure Security Agency