On November 3rd CISA released Binding Operational Directive (BOD) 22-01 – Reducing the Significant Risk of Known Exploited Vulnerabilities. Although BOD 22-01 applies to “all software and hardware found on federal information systems managed on agency premises or hosted by third parties on an agency’s behalf” the tools used can be helpful for everyone in the IT and security space!

CISA has created and will maintain a catalog of known exploited vulnerabilities that is available to the public. You can also sign-up to receive alerts when new vulnerabilities are added to the catalog.

Take a look at the catalog of vulnerabilities to ensure your organization is covered!

CISA Links:

Binding Operational Directive 22-01

CISA’s Catalog of Known Exploited Vulnerabilities