“Known Exploited Vulnerabilities Catalog”
Cybersecurity & Infrastructure Security Agency (CISA), November 3, 2021
“This is a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal enterprise.”
The Known Exploited Vulnerabilities Catalog is a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal enterprise. It was established by the CISA-issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, to evolve our approach to vulnerability management and keep pace with threat activity. Federal civilian agencies are required to identify and remediate these vulnerabilities on their information systems.
Although BOD 22-01 requires action from federal civilian agencies only, CISA strongly recommends that private businesses and state, local, tribal, and territorial (SLTT) governments review and monitor the catalog and remediate the listed vulnerabilities to strengthen their security and resilience posture. Building collective resilience requires action across all stakeholders.
Thresholds and conditions for catalog updates:
- [None included at time of publication.]
CISA will update this catalog with additional exploited vulnerabilities as they become known, subject to an executive-level CISA review and when they satisfy the following thresholds:
- The vulnerability has an assigned Common Vulnerabilities and Exposures (CVE) ID.
- There is reliable evidence that the vulnerability has been actively exploited in the wild.
- There is a clear remediation action for the vulnerability, such as a vendor-provided update.
About the Author:
The Cybersecurity and Infrastructure Security Agency (CISA) leads the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure. We connect our stakeholders in industry and government to each other and to resources, analyses, and tools to help them build their own cyber, communications, and physical security and resilience, in turn helping to ensure a secure and resilient infrastructure for the American people.
CISA Plays Two Key Roles:
- We Are the Operational Lead for Federal Cybersecurity, or the Federal “dot gov”
CISA acts as the quarterback for the federal cybersecurity team, protecting and defending the home front—our federal civilian government networks—in close partnership with the Office of Management and Budget, which is responsible for federal cybersecurity overall. CISA also coordinates the execution of our national cyber defense, leading asset response for significant cyber incidents and ensuring that timely and actionable information is shared across federal, non-federal, and private sector partners.
- We Are the National Coordinator for Critical Infrastructure Security and Resilience
We look at the entire threat picture and work with partners across government and industry to defend against today’s threats while securing the nation’s critical infrastructure against threats that are just over the horizon.
Designed for Collaboration and Partnership:
Established in 2018, CISA was created to work across public and private sectors, challenging traditional ways of doing business by engaging with government, industry, academic, and international partners. As threats continue to evolve, we know that no single organization or entity has all the answers for how to address cyber and physical threats to critical infrastructure. By bringing together our insight and capabilities, we can build a collective defense against the threats we face.
- Binding Operational Directive 22-01 (CISA)
- Reducing the Significant Risk of Known Exploited Vulnerabilities (CISA)