CISA stands for the Cybersecurity and Infrastructure Security Agency. It leads the United States' national effort to understand, manage, and reduce risk to American cyber and physical infrastructure. Its vision is to achieve a secure and resilient critical infrastructure for the American people.
No, CISA plays two key roles:
The answer is to be found in the CISA list. CISA has built a list called the Known Exploited Vulnerabilities Catalog. It is based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to federal agencies and private enterprises.
Binding Operational Directive (BOD) 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice.
Yes and yes. Cybersecurity information sharing is essential to collective defense and to strengthening cybersecurity for the Nation. When cyber incidents are reported quickly, CISA can use this information to render assistance and provide a warning to prevent other organizations and entities from falling victim to a similar attack. This information is also critical to identifying trends that can help efforts to protect the homeland. Stakeholders can learn how to share cyber event information in the Sharing Cyber Event Information Fact Sheet.
This catalog is actively kept up to date – here is an example of a recent update from the CISA website:
Enterprises can subscribe to the Known Exploited Vulnerabilities Catalog Update Bulletin.
Edgescan currently offers a new threat intelligence and risk-based prioritization feature. It gives enterprises a new view that cross-references their vulnerabilities with the CISA exploit list.
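As an added illustration (not Edgescan's code and not taken from CISA), the sketch below cross-references scanner findings with a KEV-style catalog and orders the matches by remediation due date, as the catalog and BOD 22-01 passages above describe. The catalog excerpt, CVE placeholders, asset names and the `prioritize` helper are constructed for the example; the field names `cveID`, `dueDate` and `knownRansomwareCampaignUse` are assumed to match the catalog's JSON feed.

```python
import json
from datetime import date

# Constructed excerpt shaped like the KEV JSON feed; CVE IDs are placeholders.
KEV_JSON = """
{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "product": "ExampleVPN",
   "dueDate": "2024-03-01", "knownRansomwareCampaignUse": "Known"},
  {"cveID": "CVE-0000-0002", "product": "ExampleCMS",
   "dueDate": "2024-02-01", "knownRansomwareCampaignUse": "Unknown"}
]}
"""

# Constructed scanner output: one row per (asset, CVE) finding.
FINDINGS = [
    {"asset": "web01", "cve": "cve-0000-0002", "cvss": 6.5},
    {"asset": "db01",  "cve": "CVE-0000-0003", "cvss": 9.8},  # not in catalog
    {"asset": "vpn01", "cve": "CVE-0000-0001", "cvss": 7.2},
    {"asset": "web02", "cve": "CVE-0000-0002", "cvss": 6.5},
]

def prioritize(findings, kev_doc, today):
    """Return findings that appear in the catalog, earliest due date first."""
    # Index the catalog by normalized CVE ID for O(1) lookups.
    kev = {v["cveID"].upper(): v for v in kev_doc["vulnerabilities"]}
    rows = []
    for f in findings:
        cve = f["cve"].strip().upper()  # scanners differ in case and spacing
        entry = kev.get(cve)
        if entry is None:
            continue  # no evidence of exploitation in the catalog
        due = date.fromisoformat(entry["dueDate"])
        rows.append({
            "asset": f["asset"], "cve": cve, "cvss": f["cvss"], "due": due,
            "days_left": (due - today).days,  # negative means overdue
            "overdue": due < today,
            "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
        })
    # Due date first, then known ransomware use, then CVSS as a tie-breaker.
    rows.sort(key=lambda r: (r["due"], not r["ransomware"], -r["cvss"]))
    return rows

if __name__ == "__main__":
    for r in prioritize(FINDINGS, json.loads(KEV_JSON), date(2024, 2, 10)):
        flag = "OVERDUE" if r["overdue"] else f"{r['days_left']}d left"
        print(f"{r['due']}  {flag:9}  {r['asset']:6} {r['cve']}  cvss={r['cvss']}")
```

Note that the 9.8-scored finding drops out because it is not in the catalog, while the 6.5-scored findings lead the list because their due date has already passed.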
To learn more how to refine your remediation efforts with the CISA exploit list, go to
Marketing Executive of Edgescan