[CDP-development] FW: CISA - BOD 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities

[ALBIN Cinnamon S * DAS]

Today, the Director of the Cybersecurity and Infrastructure Security Agency (CISA) issued<https://www.cisa.gov/news/2021/11/03/cisa-releases-directive-reducing-significant-risk-known-exploited-vulnerabilities> Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities<https://cyber.dhs.gov/bod/22-01/>, that addresses the remediation of vulnerabilities that are being actively exploited by adversaries. CISA has established a public catalog of exploited vulnerabilities that carry significant risk to the federal enterprise, available at https://cisa.gov/known-exploited-vulnerabilities.  This catalog will be updated regularly as new exploited vulnerabilities are identified.

CISA recognizes that prioritization of vulnerabilities is a challenge for all organizations. By emphasizing remediation of vulnerabilities that are being actively used by adversaries, public and private organizations can significantly drive down the risk of a damaging compromise. We encourage<https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf> all organization to prioritize remediation of vulnerabilities listed on CISA's catalog and to sign up for notifications when new vulnerabilities are added.

Links:

Press Release: https://www.cisa.gov/news/2021/11/03/cisa-releases-directive-reducing-significant-risk-known-exploited-vulnerabilities

BOD 22-01: https://cyber.dhs.gov/bod/22-01/
Current Activity: https://us-cert.cisa.gov/ncas/current-activity/2021/11/03/cisa-issues-bod-22-01-reducing-significant-risk-known-exploited

Known Exploited Vulnerabilities Catalog: https://cisa.gov/known-exploited-vulnerabilities

Fact Sheet: https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf


Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>

[cid:image001.png at 01D7D08F.09CEAF80]


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20211103/6768a150/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 16152 bytes
Desc: image001.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20211103/6768a150/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CISA FS-Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf
Type: application/pdf
Size: 288819 bytes
Desc: CISA FS-Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20211103/6768a150/attachment-0001.pdf>