CISA Urges Federal Agencies to Address 291 Known Exploited Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive 22-01, urging federal agencies to address known exploited vulnerabilities. This directive, released on November 3, 2021, highlights the significant risk posed by 291 Common Vulnerabilities and Exposures (CVEs).
Federal enterprises and agencies are advised to prioritize remediation efforts using the VMDR Prioritization report provided by Qualys. This tool helps locate vulnerable hosts through Qualys Threat Protection. The directive categorizes vulnerabilities into three groups: Past Due, Patch in less than two weeks, and Patch within six months. Federal agencies must remediate most 'Category 2' vulnerabilities by November 17, 2021, and 'Category 3' by May 3, 2022.
Qualys Patch Management can streamline the remediation process for many of these vulnerabilities. As of November 17, 2021, specific companies committed to addressing Category 2 vulnerabilities, but details were not publicly consolidated. Qualys Cloud Platform, with 107 FedRAMP authorizations, is available to help identify and assess risk to digital infrastructure and automate remediation.
CISA's directive emphasizes the urgent need to remediate vulnerabilities that adversaries are actively exploiting. Federal agencies are encouraged to act swiftly to achieve compliance and reduce the significant risk posed by known exploited vulnerabilities.