<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Franklin Gothic Book";
panose-1:2 11 5 3 2 1 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p><span style="font-family:"Franklin Gothic Book",sans-serif">Today, the Director of the Cybersecurity and Infrastructure Security Agency (CISA)
</span><a href="https://www.cisa.gov/news/2021/11/03/cisa-releases-directive-reducing-significant-risk-known-exploited-vulnerabilities"><span style="font-family:"Franklin Gothic Book",sans-serif">issued</span></a><span style="font-family:"Franklin Gothic Book",sans-serif">
Binding Operational Directive (BOD) 22-01, </span><a href="https://cyber.dhs.gov/bod/22-01/"><i><span style="font-family:"Franklin Gothic Book",sans-serif">Reducing the Significant Risk of Known Exploited Vulnerabilities</span></i></a><i><span style="font-family:"Franklin Gothic Book",sans-serif">,</span></i><span style="font-family:"Franklin Gothic Book",sans-serif">
that addresses the remediation of vulnerabilities that are being actively exploited by adversaries. CISA has established a public catalog of exploited vulnerabilities that carry significant risk to the federal enterprise, available at
</span><a href="https://cisa.gov/known-exploited-vulnerabilities"><span style="font-family:"Franklin Gothic Book",sans-serif;background:white">https://cisa.gov/known-exploited-vulnerabilities</span></a><span style="font-family:"Franklin Gothic Book",sans-serif">.
This catalog will be updated regularly as new exploited vulnerabilities are identified.
<o:p></o:p></span></p>
<p><span style="font-family:"Franklin Gothic Book",sans-serif">CISA recognizes that prioritization of vulnerabilities is a challenge for all organizations. By emphasizing remediation of vulnerabilities that are being actively used by adversaries, public and
private organizations can significantly drive down the risk of a damaging compromise. We
</span><a href="https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf"><span style="font-family:"Franklin Gothic Book",sans-serif">encourage</span></a><span style="font-family:"Franklin Gothic Book",sans-serif">
all organization to prioritize remediation of vulnerabilities listed on CISA’s catalog and to sign up for notifications when new vulnerabilities are added.
<o:p></o:p></span></p>
<p><span style="font-family:"Franklin Gothic Book",sans-serif">Links: <o:p></o:p></span></p>
<p><b><span style="font-family:"Franklin Gothic Book",sans-serif">Press Release: </span>
</b><a href="https://www.cisa.gov/news/2021/11/03/cisa-releases-directive-reducing-significant-risk-known-exploited-vulnerabilities"><span style="font-family:"Franklin Gothic Book",sans-serif">https://www.cisa.gov/news/2021/11/03/cisa-releases-directive-reducing-significant-risk-known-exploited-vulnerabilities</span></a><o:p></o:p></p>
<p><b><span style="font-family:"Franklin Gothic Book",sans-serif">BOD 22-01</span></b><span style="font-family:"Franklin Gothic Book",sans-serif">:
</span><a href="https://cyber.dhs.gov/bod/22-01/" target="_blank" title="https://cyber.dhs.gov/bod/22-01/"><span style="font-family:"Franklin Gothic Book",sans-serif">https://cyber.dhs.gov/bod/22-01/</span></a><span style="font-family:"Franklin Gothic Book",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-family:"Franklin Gothic Book",sans-serif">Current Activity</span></b><span style="font-family:"Franklin Gothic Book",sans-serif">:
</span><a href="https://us-cert.cisa.gov/ncas/current-activity/2021/11/03/cisa-issues-bod-22-01-reducing-significant-risk-known-exploited" target="_blank" title="https://us-cert.cisa.gov/ncas/current-activity/2021/11/03/cisa-issues-bod-22-01-reducing-significant-risk-known-exploited"><span style="font-family:"Franklin Gothic Book",sans-serif">https://us-cert.cisa.gov/ncas/current-activity/2021/11/03/cisa-issues-bod-22-01-reducing-significant-risk-known-exploited</span></a><span style="font-family:"Franklin Gothic Book",sans-serif">
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Franklin Gothic Book",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-family:"Franklin Gothic Book",sans-serif">Known Exploited Vulnerabilities Catalog</span></b><span style="font-family:"Franklin Gothic Book",sans-serif">:
<a href="https://cisa.gov/known-exploited-vulnerabilities">https://cisa.gov/known-exploited-vulnerabilities</a><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-family:"Franklin Gothic Book",sans-serif"><o:p> </o:p></span></b></p>
<p class="MsoNormal"><b><span style="font-family:"Franklin Gothic Book",sans-serif">Fact Sheet</span></b><span style="font-family:"Franklin Gothic Book",sans-serif">:
</span><a href="https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf"><span style="font-family:"Franklin Gothic Book",sans-serif">https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf</span></a><span style="font-family:"Franklin Gothic Book",sans-serif">
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Franklin Gothic Book",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal" style="vertical-align:baseline"><o:p> </o:p></p>
<p class="MsoNormal"><b><span style="color:#1F497D">Theresa A. Masse<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cyber Security Advisor, Region 10 (Oregon)
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cybersecurity and Infrastructure Security Agency<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Department of Homeland Security<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Phone: (503) 930-5671
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Email:</span><span style="font-size:10.0pt;color:#777777">
</span><a href="mailto:theresa.masse@cisa.dhs.gov"><span style="font-size:10.0pt">theresa.masse@cisa.dhs.gov</span></a><u><span style="font-size:10.0pt;color:#0760C1"><o:p></o:p></span></u></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><img border="0" width="97" height="97" style="width:1.0138in;height:1.0138in" id="Picture_x0020_1" src="cid:image001.png@01D7D08F.09CEAF80"><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="vertical-align:baseline"><o:p> </o:p></p>
</div>
</body>
</html>