CISA plans to overhaul how it prioritizes vulnerabilities and critical infrastructure risks, shifting from a patch-fast approach to a more granular assessment based on asset exposure, exploitability, and known exploited vulnerabilities. Acting director Nick Andersen said the agency will also issue a binding operational directive for federal agencies and refocus on hiring and implementing CIRCIA requirements.
Key points
- CISA is rethinking how it prioritizes vulnerabilities and risks.
- The agency will publish a binding operational directive for federal agencies.
- Critical infrastructure owners will get more specific guidance on protecting key assets.
- CISA wants to focus on exploitability, internet exposure, and KEV entries.
- The agency is hiring staff and advancing CIRCIA implementation.
Read More: https://cyberscoop.com/cisa-cyber-risk-prioritization-vulnerability-directive/