← Back to all briefings

Cybersecurity · Credibility 92/100 · · 1 min read

CISA BOD 22-01 Known Exploited Vulnerabilities — November 3, 2021

CISA’s Binding Operational Directive 22-01 created the Known Exploited Vulnerabilities catalog and remediation deadlines Zeph Tech still enforces in playbooks.

CISA’s Binding Operational Directive 22-01 required federal agencies to remediate catalogued known exploited vulnerabilities on strict deadlines. Zeph Tech uses the catalog to prioritise patching across client environments.

  • 3 Nov 2021 — BOD 22-01 issued. Agencies must remediate catalogued vulnerabilities within two weeks or due dates set by CISA.
  • 3 Nov 2021 — Known Exploited Vulnerabilities catalog launched. CISA published a living list of exploited CVEs with remediation timelines.
  • 3 Nov 2021 — CISA statement. CISA leadership emphasised the directive’s role in reducing real-world exploitation risk.

Zeph Tech integrates the KEV catalog into vulnerability management dashboards and incident response triggers.

  • CISA
  • Known Exploited Vulnerabilities
  • Remediation
Back to curated briefings