Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA BOD 22-01 federal remediation directive

Public Sector Action
First reported
Last updated
Happening score
H score 89
1 unique sources, 2 articles

Summary

Hide ▲

CISA required federal agencies covered by BOD 22-01 to apply available security updates or vendor-suggested mitigations, or stop using the affected products by February 12, 2026. The directive follows CISA's decision to place the vulnerabilities in the KEV catalog after evidence of active exploitation. It turns remediation of exploited enterprise software into a mandatory federal compliance action with a fixed deadline.

Related Happenings

CISA KEV remediation order for CVE-2026-48907

Public Sector Action
H score89 First: 17.06.2026 08:50 Last: 17.06.2026 08:50 Sources 1

About this happening: CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...

CISA KEV order for FCEB agencies on LiteSpeed cPanel flaw

Public Sector Action
H score36 First: 16.06.2026 13:47 Last: 16.06.2026 13:47 Sources 1

About this happening: **CISA** added the **LiteSpeed cPanel user-end plugin** flaw to **KEV** and ordered **Federal Civilian Executive Branch agencies** to secure systems within **three days** under **...

CISA orders FCEB Ivanti Sentry remediation under BOD 26-04

Public Sector Action
H score36 First: 12.06.2026 11:26 Last: 12.06.2026 11:26 Sources 1

About this happening: **CISA** ordered **FCEB agencies** to secure **Ivanti Sentry** within **three days** after confirming **CVE-2026-10520** is being **actively exploited**, creating immediate remedi...

CISA BOD 26-04 remediation requirements

Advisory/Mitigation
H score31 First: 11.06.2026 15:46 Last: 11.06.2026 15:46 Sources 1

About this happening: CISA’s **Binding Operational Directive 26-04** forces **FCEB agencies** to speed up remediation of high-risk vulnerabilities, with some deadlines as short as **3 days** and new **...

CISA KEV update and FCEB remediation deadline

Public Sector Action
H score33 First: 10.06.2026 17:44 Last: 10.06.2026 17:44 Sources 1

About this happening: **CISA** added **three actively exploited vulnerabilities** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate by **June 23, 2026**. Th...

Timeline

  1. 23.01.2026 20:47 1 articles · 5mo ago

    CISA adds exploited vulnerabilities to KEV

    Industry Or Public Sector Update

    CISA confirms active exploitation of four enterprise software vulnerabilities affecting Versa Concerto, Zimbra Collaboration Suite, Vite, and eslint-config-prettier, and adds the CVEs to the KEV catalog after finding evidence of exploitation in the wild.

    Show sources
  2. 23.01.2026 20:47 3 articles · 5mo ago

    Federal agencies face February 12, 2026 remediation deadline

    Legal Policy Action Update

    CISA requires all federal agencies bound by BOD 22-01 to apply available security updates or vendor-suggested mitigations, or to stop using the affected products, by February 12, 2026.

    Show sources