CISA orders federal agencies to fix hundreds of exploited security flaws
2021-11-03 12:10

CISA has issued this year's first binding operational directive ordering federal civilian agencies to mitigate security vulnerabilities exploited in the wild within an aggressive timeline.

"BIG step forward today in protecting Federal Civilian Networks - Binding Operational Directive 22-01 establishes timeframes for mitigation of known exploited vulnerabilities and requires improvements in vulnerability management programs," said CISA Director Jen Easterly.

CISA has published a catalog of hundreds of exploited security vulnerabilities that expose government systems to significant risks if successfully abused by threat actors.

With today's directive, CISA orders federal agencies to review and update their internal vulnerability management procedures within 60 days.

Agencies are also required to remediate the security flaws listed in the known exploited vulnerabilities catalog according to the timelines set by CISA. They will also have to submit quarterly reports on the patch status via CyberScope or the CDM Federal Dashboard, with a change to bi-weekly reporting for agencies that haven't migrated away from CyberScope until October 1, 2022.

"The Directive lays out clear requirements for federal civilian agencies to take immediate action to improve their vulnerability management practices and dramatically reduce their exposure to cyber attacks," Easterly added.


News URL

https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-fix-hundreds-of-exploited-security-flaws/