CISA: Reducing the Significant Risk of Known Exploited Vulnerabilities

The Director of the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, which addresses the remediation of vulnerabilities that are being actively exploited by adversaries. CISA has established a public catalog of exploited vulnerabilities that carry significant risk to the federal enterprise, available at cisa.gov/known-exploited-vulnerabilities. This catalog will be updated regularly as new exploited vulnerabilities are identified.

CISA recognizes that prioritization of vulnerabilities is a challenge for all organizations. By emphasizing remediation of vulnerabilities that are being actively used by adversaries, public and private organizations can significantly drive down the risk of a damaging compromise. We encourage all organizations to prioritize remediation of vulnerabilities listed on CISA’s catalog and to sign up for notifications when new vulnerabilities are added.

Links:

Press Release: cisa.gov/news/2021/11/03/cisa-releases-directive-reducing-significant-risk-known-exploited-vulnerabilities 

BOD 22-01: cyber.dhs.gov/bod/22-01/ 

Current Activity: us-cert.cisa.gov/ncas/current-activity/2021/11/03/cisa-issues-bod-22-01-reducing-significant-risk-known-exploited

Known Exploited Vulnerabilities Catalog: cisa.gov/known-exploited-vulnerabilities 

Fact Sheet: cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf

###

Steve Lyddon
Protective Security Advisor, Region 5, Illinois
Cybersecurity and Infrastructure Security Agency
U.S. Department of Homeland Security
Cell:  217-299-3954 | steven.lyddon@cisa.dhs.gov

Chad Johnston
Protective Security Advisor-Arkansas, Region VI
Cybersecurity and Infrastructure Security Agency
501-414-1468 (Cell)
Chad.Johnston@cisa.dhs.gov