CISA Releases Final Binding Operational Directive on Developing a Vulnerability Disclosure Policy

Original release date: September 3, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has released Binding Operational Directive (BOD) 20-01, Develop and Publish a Vulnerability Disclosure Policy (VDP). BOD 20-01 requires each federal agency to publish a VDP. Publication of agency VDPs will make it easier for users to report vulnerabilities they find in the Federal Government’s internet-accessible systems. CISA released a draft version of BOD 20-01 for public comment in December 2019 and incorporated many of the received suggestions in the final version.

CISA encourages users to review BOD 20-01 and the CISA blog post, Improving Vulnerability Disclosure Together (Officially) for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

September is National Preparedness Month

Original release date: September 3, 2020

September is National Preparedness Month, which promotes family and community disaster planning. This year’s theme is “Disasters Don’t Wait. Make Your Plan Today.” The Cybersecurity and Infrastructure Security Agency (CISA) recommends users and administrators use this month as an opportunity to asses cybersecurity preparedness for cyber-related events, such as identity theft, ransomware infection, or a data breach.

Learn more about preparing for a natural disaster or general emergency at Ready.gov/September. See Ready.gov/Cybersecurity and the following CISA Tips for resources on preparing for, and responding to, unexpected cyber-related events:

This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Releases Security Updates

Original release date: September 3, 2020

Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.