CISA Provides Criteria and Process for Updates to the KEV Catalog

CISA has updated the Known Exploited Vulnerabilities (KEV) catalog webpage as well as the FAQs for Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, which established the KEV catalog. The updates provide information on the criteria and process used to add known exploited vulnerabilities to the KEV catalog.

CISA encourages users and administrators to review the new information.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

We recently updated our anonymous product survey; we'd welcome your feedback.