The CISA has released this year’s first binding operational directive (BOD), which notes about 290 vulnerabilities affecting the federal civil information systems.
The agency warned and ordered the other federal agencies to fix all of them, and submit a quarterly report on the status. CISA said these security vulnerabilities are both internet-facing and offline and can cause serious issues if exploited by a threat actor.
CISA’s Binding Operational Directive
Every year, CISA releases a Binding Operational Directive (BOD) containing various technical vulnerabilities in general systems, used by federal agencies to process the regular works. Since threat actors are actively looking to hit such critical services, CISA warns them to fix them as soon as possible.
Related- CISA Urged Discourse Users to Update Immediately For Patching an RCE Bug
This year, the BOD 22-01 (Reducing the Significant Risk of Known Exploited Vulnerabilities) contained about 290 security vulnerabilities (200 from 2017-20 and 90 from 2021). These include both the software and hardware systems (online and offline) from federal civil agencies serving the public.
❗️ Today we issued Binding Operational Directive 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities: https://t.co/rFBFQyCLX5 This establishes priorities for vulnerability management & will help improve Federal Agency vulnerability management practices. pic.twitter.com/CS0hVBU4l4 — Cybersecurity and Infrastructure Security Agency (@CISAgov) November 3, 2021
