US DHS Cybersec Vulnerability Directive

By ISBuzz Team
Writer, Information Security Buzz | May 01, 2019 01:02 pm PST

The US Dept. of Homeland Security this week issued a binding directive, Vulnerability Remediation Requirements for Internet-Accessible Systems. The DHS Cybersecurity and Infrastructure Security Agency (CISA) issued binding operational directive (BOD) 19-02, which requires federal agencies to remediate critical security vulnerabilities within 15 days of initial detection. As explained by CISA, “A binding operational directive is a compulsory direction to federal, executive branch, departments and agencies for purposes of safeguarding federal information and information systems.”

Mounir Hahad, Head of Juniper Networks’ Juniper Threat Labs: 

“This is a good initiative, one to which all reputable private sector enterprises already subscribe via third party scanning services. It wouldn’t surprise me if some government agencies also subscribe to similar services in the private sector as it is definitely a best practice in the industry.

I would argue that the directive does not go far enough to call out critical vulnerabilities for which proofs of concept may already be published or for which developing an exploit is trivial. Those indeed have a higher chance of being exploited by threat actors in record time. In my view, 15 days for remediation is too slow in those circumstances.” 


