Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

CISA BOD 22-01 federal remediation directive

Public Sector Action
First reported
Last updated
Happening score
H score 52
1 unique sources, 2 articles

Summary

Hide ▲

CISA required federal agencies covered by BOD 22-01 to apply available security updates or vendor-suggested mitigations, or stop using the affected products by February 12, 2026. The directive follows CISA's decision to place the vulnerabilities in the KEV catalog after evidence of active exploitation. It turns remediation of exploited enterprise software into a mandatory federal compliance action with a fixed deadline.

Related Happenings

CERT-In 12-hour KEV remediation guidance

Advisory/Mitigation
First: 26.05.2026 13:30 Last: 26.05.2026 13:30 Sources 1

About this happening: CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...

Open Happening

CISA orders FCEB patching for CVE-2026-9082

Public Sector Action
First: 26.05.2026 11:46 Last: 26.05.2026 11:46 Sources 1

About this happening: **CISA** added **CVE-2026-9082** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Drupal** by **May 27**, turning an actively exploited flaw into a mandatory federa...

Open Happening

SAP May 2026 security updates for Commerce Cloud and S/4HANA (15 vulnerabilities)

Security Patch Release
First: 12.05.2026 14:04 Last: 12.05.2026 14:04 Sources 1

About this happening: **SAP** released its **May 2026 security updates** for **15 vulnerabilities** across **Commerce Cloud**, **S/4HANA**, and other products, including **two critical flaws** that can...

Open Happening

CISA emergency patch deadline for Ivanti EPMM

Public Sector Action
First: 08.05.2026 15:16 Last: 08.05.2026 15:16 Sources 1

About this happening: CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....

Open Happening

CISA KEV order for Copy Fail on federal Linux devices

Public Sector Action
First: 08.05.2026 10:45 Last: 08.05.2026 10:45 Sources 1

About this happening: **CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...

Open Happening

Timeline

  1. 23.01.2026 20:47 1 articles · 4mo ago

    CISA adds exploited vulnerabilities to KEV

    Industry Or Public Sector Update

    CISA confirms active exploitation of four enterprise software vulnerabilities affecting Versa Concerto, Zimbra Collaboration Suite, Vite, and eslint-config-prettier, and adds the CVEs to the KEV catalog after finding evidence of exploitation in the wild.

    Show sources
    Open in new tab
  2. 23.01.2026 20:47 3 articles · 4mo ago

    Federal agencies face February 12, 2026 remediation deadline

    Legal Policy Action Update

    CISA requires all federal agencies bound by BOD 22-01 to apply available security updates or vendor-suggested mitigations, or to stop using the affected products, by February 12, 2026.

    Show sources
    Open in new tab