CISA Issues New Cybersecurity Directive for Federal Agencies

On November 3, 2021, the Cybersecurity and Infrastructure Security Agency (“CISA”) announced Directive 22-01 – Reducing the Significant Risk of Known Exploited Vulnerabilities (the “Directive”), establishing a CISA-managed catalog of vulnerabilities and compelling federal agencies to remediate such vulnerabilities on government information systems. The Directive targets vulnerabilities that pose a significant risk to the federal government and applies to all software and hardware found on federal information systems, including those managed on an agency’s premises, as well as those hosted by third parties on an agency’s behalf. The Directive is the latest in a series of executive branch efforts to address U.S. cybersecurity in the public and private sectors.

The Directive requires agencies to take certain steps in connection with remediating the nearly 300 vulnerabilities identified in CISA’s catalog; accordingly, agencies must:

Review and update their internal vulnerability management procedures within 60 days to address, at a minimum, the measures specified in the directive, which include establishing ongoing remediation processes, assigning roles and responsibilities for
