US Department of Homeland Security directive requires federal agencies to fix critical flaws within 15 days

The Cybersecurity and Infrastructure Security Agency (CISA) of the US Department of Homeland Security (DHS) has issued a new binding operational directive (BOD) for federal agencies, ordering them to patch critical security flaws discovered on their internet-accessible systems within 15 days of first detection. And the countdown to remediate security flaws will start as soon as they are first detected during CISA's weekly cyber hygiene vulnerability scanning. The order cuts in half the deadline for patching critical flaws from 30 days. Flaws deemed "high" in severity still have a 30 day deadline for fixing.

Spotlight

Spotlight

Related News