lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 2 May 2019 05:58:54 +0000 (UTC)
From: InfoSec News <>
Subject: [Newsletter/Marketing] [ISN] DHS Orders Agencies to Patch
 Critical Vulnerabilities Within 15 Days

By Eduard Kovacs
May 01, 2019

The U.S. Department of Homeland Security (DHS) this week issued a new Binding 
Operational Directive (BOD) instructing federal agencies and departments to act 
more quickly when it comes to patching serious vulnerabilities in 
internet-exposed systems.

Specifically, BOD 19-02 gives government organizations 15 days to address 
critical vulnerabilities and 30 days for high-severity flaws. The countdown 
starts when a vulnerability was initially detected, rather than when it was 
first reported to agencies.

Internet-exposed government systems undergo Cyber Hygiene scanning to help 
agencies identify vulnerabilities. The recently created Cybersecurity and 
Infrastructure Security Agency (CISA) provides regular reports to agencies, 
informing them of the detected flaws, classified based on their CVSSv2 score.

The new BOD 19-02 also instructs the CISA to provide technical expertise and 
guidance for remediation, and send a monthly report to the Office of Management 
and Budget (OMB) to identify trends and challenges and facilitate any policy or 
budget-related actions that may be required.


Subscribe to InfoSec News

Powered by blists - more mailing lists