https://www.securityweek.com/dhs-orders-agencies-patch-critical-flaws-within-15-days
By Eduard Kovacs
SecurityWeek
May 01, 2019

The U.S. Department of Homeland Security (DHS) this week issued a new Binding
Operational Directive (BOD) instructing federal agencies and departments to act
more quickly when it comes to patching serious vulnerabilities in
internet-exposed systems.

Specifically, BOD 19-02 gives government organizations 15 days to address
critical vulnerabilities and 30 days for high-severity flaws. The countdown
starts when a vulnerability was initially detected, rather than when it was
first reported to agencies.

Internet-exposed government systems undergo Cyber Hygiene scanning to help
agencies identify vulnerabilities. The recently created Cybersecurity and
Infrastructure Security Agency (CISA) provides regular reports to agencies,
informing them of the detected flaws, classified based on their CVSSv2 score.

The new BOD 19-02 also instructs the CISA to provide technical expertise and
guidance for remediation, and send a monthly report to the Office of Management
and Budget (OMB) to identify trends and challenges and facilitate any policy or
budget-related actions that may be required.

[...]