Cyber

CISA directive gives agencies 60 days to update vulnerability management

Departments will have to provide a copy of their new policies and procedures to CISA if asked.

November 3, 2021

(Scoop News Group photo)

Departments across the federal government will have 60 days to review and update vulnerability management procedures under a new directive issued Wednesday by the Cybersecurity and Infrastructure Security Agency.

According to the document, agencies will also have to provide a copy of their new policies and procedures to the Department of Homeland Security agency if asked.

Other required actions from agencies under the directive include remediating vulnerabilities according to the timelines set out in the vulnerability catalog managed by the Cybersecurity and Infrastructure Security Agency (CISA.) Departments also will have to provide CISA with details about the status of vulnerabilities listed in the catalog.

Agencies additionally are expected to automate data exchange and to report their respective implementation status through CISA’s Continuous Diagnostics and Mitigation (CDM) federal dashboard.

The latest edict from CISA comes amid a push to fast-track the improvement of cybersecurity across federal agencies and to remediate security flaws in software development.

CISA in the document said it will continue to assist agencies to address cybersecurity flaws by closely maintaining its vulnerability catalog and alerting agencies where necessary.

The oversight agency also will provide a status report on vulnerabilities at the end of each fiscal year to the secretary of DHS, the director of the Office of Management and Budget and the National Cyber Director to identify the status of vulnerability fixes across agencies.

CISA directive gives agencies 60 days to update vulnerability management

More Like This

DOJ ‘not aware of any’ identity theft, fraud following consultant’s data breach

CISA emergency directive tells agencies to fix credentials after Microsoft breach

How Google Cloud AI and Assured Workloads can enhance public sector security, compliance and service delivery at scale

Top Stories

CMS’s financial office is using LLM pilot to combat loss of institutional knowledge

Top public sector takeaways from Google Cloud Next 2024

With 2023 tax season in the rearview, IRS commissioner eyes expansion of AI capabilities

Commerce requests information about AI, open data assets, data dissemination

Commerce adds five members to AI Safety Institute leadership

Kiran Ahuja to step down as OPM director

ICE pursuing privacy approvals related to controversial phone location data

More Scoops

Department of Homeland Security lays out AI plans in new roadmap

CISA, OMB release secure software development attestation form

Updated NIST cybersecurity framework adds core function, focuses on supply chain risk management

FEMA employees brought government devices abroad without authorization, including to China and Iraq, document shows

CISA establishing new office focused on zero trust

Federal IT officials call on CISA for tougher standards, more coordination

How risky is ChatGPT? Depends which federal agency you ask

Latest Podcasts

CISA directive gives agencies 60 days to update vulnerability management

Google’s Chris Hein on how AI is changing how citizens relate to government

OPM’s tech-friendly director steps down

World Bank’s Partha Perumbali and Aretec’s Waqas Haq on AI-powered search

Tech

Defense

Cyber

Acquisition