Archived Content

In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
Alert

CISA Releases Binding Operational Directive on Vulnerability Remediation

Last Revised

The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 19-02, Vulnerability Remediation Requirements for Internet-Accessible Systems. BOD 19-02 requires federal agencies to ensure effective and timely remediation of critical and high vulnerabilities.

CISA encourages users and administrators to review the CISA blog post on the BOD 19-02 release. Federal agencies should review BOD 19-02 for required actions and reporting procedures. 

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts

We recently updated our anonymous product survey; we welcome your feedback.