Feds Issue Order to Tighten Security - You Should Too

The Feds rarely issue what they call Binding Operational Directives or BODs. To give you an idea of how rare they are, they issued no BODs in fiscal year 2021 (here is a list). They just issued BOD 22-01, the first one for FY 2022.

This BOD, titled Reducing the Significant Risk of Known Exploited Vulnerabilities, is designed to get federal agencies to up their game when it comes to reducing cyber risk from known exploits.

CISA will maintain a catalog of known exploits and a methodology for when to add new exploits to the list.

Each agency is required to:

  • Update its internal vulnerability management procedures within 60 days
  • Establish a process for ongoing remediation
  • Assign roles and responsibilities
  • Establish internal validation and enforcement procedures
  • Set up internal tracking and reporting

There is more detail both in the BOD itself (available here) and in a BOD fact sheet (available here).

We recommend that all companies review the BOD and see whether they should implement such procedures themselves.