CISA BOD 22-01 federal remediation directive
Public Sector Action
Summary
Hide ▲
Show ▼
CISA required federal agencies covered by BOD 22-01 to apply available security updates or vendor-suggested mitigations, or stop using the affected products by February 12, 2026. The directive follows CISA's decision to place the vulnerabilities in the KEV catalog after evidence of active exploitation. It turns remediation of exploited enterprise software into a mandatory federal compliance action with a fixed deadline.
Related Happenings
CISA KEV remediation order for CVE-2026-48907
Public Sector Action
H score89
First: 17.06.2026 08:50
Last: 17.06.2026 08:50
Sources 1
About this happening:
CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...
CISA KEV remediation order for CVE-2026-48907
Public Sector ActionAbout this happening: CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...
CISA KEV order for FCEB agencies on LiteSpeed cPanel flaw
Public Sector Action
H score36
First: 16.06.2026 13:47
Last: 16.06.2026 13:47
Sources 1
About this happening:
**CISA** added the **LiteSpeed cPanel user-end plugin** flaw to **KEV** and ordered **Federal Civilian Executive Branch agencies** to secure systems within **three days** under **...
CISA KEV order for FCEB agencies on LiteSpeed cPanel flaw
Public Sector ActionAbout this happening: **CISA** added the **LiteSpeed cPanel user-end plugin** flaw to **KEV** and ordered **Federal Civilian Executive Branch agencies** to secure systems within **three days** under **...
CISA orders FCEB Ivanti Sentry remediation under BOD 26-04
Public Sector Action
H score36
First: 12.06.2026 11:26
Last: 12.06.2026 11:26
Sources 1
About this happening:
**CISA** ordered **FCEB agencies** to secure **Ivanti Sentry** within **three days** after confirming **CVE-2026-10520** is being **actively exploited**, creating immediate remedi...
CISA orders FCEB Ivanti Sentry remediation under BOD 26-04
Public Sector ActionAbout this happening: **CISA** ordered **FCEB agencies** to secure **Ivanti Sentry** within **three days** after confirming **CVE-2026-10520** is being **actively exploited**, creating immediate remedi...
CISA BOD 26-04 remediation requirements
Advisory/Mitigation
H score31
First: 11.06.2026 15:46
Last: 11.06.2026 15:46
Sources 1
About this happening:
CISA’s **Binding Operational Directive 26-04** forces **FCEB agencies** to speed up remediation of high-risk vulnerabilities, with some deadlines as short as **3 days** and new **...
CISA BOD 26-04 remediation requirements
Advisory/MitigationAbout this happening: CISA’s **Binding Operational Directive 26-04** forces **FCEB agencies** to speed up remediation of high-risk vulnerabilities, with some deadlines as short as **3 days** and new **...
CISA KEV update and FCEB remediation deadline
Public Sector Action
H score33
First: 10.06.2026 17:44
Last: 10.06.2026 17:44
Sources 1
About this happening:
**CISA** added **three actively exploited vulnerabilities** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate by **June 23, 2026**. Th...
CISA KEV update and FCEB remediation deadline
Public Sector ActionAbout this happening: **CISA** added **three actively exploited vulnerabilities** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate by **June 23, 2026**. Th...
Timeline
-
23.01.2026 20:47 1 articles · 5mo ago
CISA adds exploited vulnerabilities to KEV
Industry Or Public Sector UpdateCISA confirms active exploitation of four enterprise software vulnerabilities affecting Versa Concerto, Zimbra Collaboration Suite, Vite, and eslint-config-prettier, and adds the CVEs to the KEV catalog after finding evidence of exploitation in the wild.
Show sources
- CISA confirms active exploitation of four enterprise software bugs — www.bleepingcomputer.com — 23.01.2026 20:47
-
23.01.2026 20:47 3 articles · 5mo ago
Federal agencies face February 12, 2026 remediation deadline
Legal Policy Action UpdateCISA requires all federal agencies bound by BOD 22-01 to apply available security updates or vendor-suggested mitigations, or to stop using the affected products, by February 12, 2026.
Show sources
- CISA confirms active exploitation of four enterprise software bugs — www.bleepingcomputer.com — 23.01.2026 20:47
- CISA confirms active exploitation of four enterprise software bugs — www.bleepingcomputer.com — 23.01.2026 20:47
- CISA flags critical SolarWinds RCE flaw as exploited in attacks — www.bleepingcomputer.com — 03.02.2026 21:37