Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

CISA BOD 26-04 remediation requirements

Advisory/Mitigation
First reported
Last updated
Happening score
H score 31
2 unique sources, 2 articles

Summary

Hide ▲

CISA’s Binding Operational Directive 26-04 forces FCEB agencies to speed up remediation of high-risk vulnerabilities, with some deadlines as short as 3 days and new KEV-based reporting duties.

Related Happenings

CISA BOD 26-04 prioritizes vulnerability remediation for federal civilian agencies

Public Sector Action
H score27 First: 10.06.2026 15:00 Last: 10.06.2026 15:00 Sources 1

How related: Binding Operational Directive 26-04, issued on June 10, ties each deadline to risk: three days, plus a forensic check for signs of intrusion, for the most dangerous flaws, with longer windows for less severe combinations and deferral for genuinely low-risk bugs, in some cases until a system's next major upgrade.

About this happening: **CISA** issued **Binding Operational Directive 26-04** to require **federal civilian agencies** to prioritize vulnerability remediation using **Asset Exposure**, **KEV Status**,...

Open Happening

CISA launches KEV Nomination Form

Public Sector Action
H score38 First: 21.05.2026 15:00 Last: 21.05.2026 15:00 Sources 1

About this happening: CISA launched a **new Nomination Form** for the **KEV catalog**, giving **researchers, vendors, and industry partners** a direct way to report **known exploited vulnerabilities**....

Open Happening

CISA KEV action for CVE-2026-31431 and FCEB remediation

Public Sector Action
H score49 First: 03.05.2026 09:26 Last: 03.05.2026 09:26 Sources 1

About this happening: CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...

Open Happening

CISA KEV directive for CVE-2026-20133

Public Sector Action
H score42 First: 21.04.2026 15:30 Last: 21.04.2026 15:30 Sources 1

About this happening: On **Monday, April 21, 2026**, **CISA** added **CVE-2026-20133** to the **KEV Catalog** and ordered **FCEB agencies** to secure their networks by **Friday, April 24**. The directi...

Open Happening

CISA KEV listing and FCEB patch order for Ivanti EPMM

Public Sector Action
H score53 First: 08.04.2026 21:15 Last: 08.04.2026 21:15 Sources 1

About this happening: **CISA** added **CVE-2026-1340** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Ivanti Endpoint Manager Mobile (EPMM)** by **Saturday midnight, April 11**, forcin...

Open Happening

Timeline

  1. 11.06.2026 15:46 2 articles · 5h ago

    CISA issues Binding Operational Directive 26-04 for FCEB agencies

    Initial Disclosure

    CISA issued Binding Operational Directive 26-04 for Federal Civilian Executive Branch (FCEB) agencies, superseding BOD 19-02 and BOD 22-01 and prioritizing security updates for publicly exposed or KEV-listed vulnerabilities with remediation deadlines as short as three days.

    Show sources
    Open in new tab
  2. 11.06.2026 15:46 2 articles · 5h ago

    Federal agencies must update vulnerability management policies within 60 days

    Mitigation Patch Update

    FCEB agencies must update vulnerability management policies, refresh asset inventories, and automate KEV status reporting so remediation decisions use CVE and KEV data.

    Show sources
    Open in new tab
  3. 11.06.2026 15:46 1 articles · 5h ago

    Federal agencies must follow the new remediation timelines and report detailed asset metadata

    Mitigation Patch Update

    By the 180-day implementation point, FCEB agencies must follow the new remediation timelines and continuously monitor and report detailed asset metadata across on-premise, third-party hosted, and FedRAMP/non-FedRAMP cloud environments.

    Show sources
    Open in new tab