Return to List of Client Alerts
The Feds rarely issue what they call Binding Operational Directives or BODs. To give you an idea of how rare they are, they issued no BODs in fiscal year 2021 (here is a list). They just issued BOD 22-01, the first one for FY 2022.
This BOD, titled Reducing the Significant Risk of Known Exploited Vulnerabilities, is designed to get federal agencies to up their game when it comes reducing cyber risk from known exploits.
CISA will maintain a catalog of known exploits and a methodology for when to add new exploits to the list.
Each agency:
There is more detail both in the BOD itself (available here) and a BOD fact sheet (available here).
We recommend that all companies review the BOD and see if you should implement procedures for your company.