The Cybersecurity and Infrastructure Security Agency issued a binding operational directive to drive remediation of vulnerabilities that are being “actively exploited” by bad actors.
The directive, unveiled Wednesday, establishes a CISA-managed catalog of known exploited vulnerabilities. Federal civilian agencies must under the directive remediate those vulnerabilities within specific time frames.
CISA is using its directive authority as the operational lead for federal cybersecurity to drive efforts that will mitigate vulnerabilities exploited by bad actors, director Jen Easterly said in a statement.
“While this Directive applies to federal civilian agencies, we know that organizations across the country, including critical infrastructure entities, ...