CISA orders federal agencies to take action on cyber vulnerabilities

The Cybersecurity Infrastructure and Security Agency (CISA) has issued a binding operational directive requiring federal agencies to patch known vulnerabilities that pose significant risks to the government. The directive includes a catalog of nearly 300 vulnerabilities and sets due dates for action, with one-third of the due dates falling within two weeks. It applies to all federal information systems, including those managed by third parties, and is the first to require patches for both online and offline systems.