| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 2 May 2019 05:58:54 +0000 (UTC) From: InfoSec News <alerts@...osecnews.org> To: isn@...ts.infosecnews.org Subject: [Newsletter/Marketing] [ISN] DHS Orders Agencies to Patch Critical Vulnerabilities Within 15 Days https://www.securityweek.com/dhs-orders-agencies-patch-critical-flaws-within-15-days By Eduard Kovacs SecurityWeek May 01, 2019 The U.S. Department of Homeland Security (DHS) this week issued a new Binding Operational Directive (BOD) instructing federal agencies and departments to act more quickly when it comes to patching serious vulnerabilities in internet-exposed systems. Specifically, BOD 19-02 gives government organizations 15 days to address critical vulnerabilities and 30 days for high-severity flaws. The countdown starts when a vulnerability was initially detected, rather than when it was first reported to agencies. Internet-exposed government systems undergo Cyber Hygiene scanning to help agencies identify vulnerabilities. The recently created Cybersecurity and Infrastructure Security Agency (CISA) provides regular reports to agencies, informing them of the detected flaws, classified based on their CVSSv2 score. The new BOD 19-02 also instructs the CISA to provide technical expertise and guidance for remediation, and send a monthly report to the Office of Management and Budget (OMB) to identify trends and challenges and facilitate any policy or budget-related actions that may be required. [...] -- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Powered by blists - more mailing lists