Biden administration issues cybersecurity mandate for federal agencies

The Biden administration issued a new order — Binding Operational Directive 22-01 - Reducing the Significant Risk of Known Exploited Vulnerabilities — requiring almost all federal agencies to botch hundreds of cybersecurity flaws considered expressive vulnerabilities for damaging intrusions into government computer systems. 


The Cybersecurity and Infrastructure Security Agency (CISA) via the operational directive has created — and published on CISA.gov — a living catalog of known exploited vulnerabilities that carry expressive risk. Approximately 200 vulnerabilities from 2017-2020 and 90 from 2021 make up the initial promulgation. CISA will regularly update the catalog with new known exploited vulnerabilities that meet specified thresholds.