CISA Releases Catalog of Cybersecurity Vulnerabilities Along With a Plan for Remediation
Client Alert | 1 min read | 11.04.21
Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA) released a catalog of almost 300 vulnerabilities in commonly used software known to be exploited by threat actors, along with a Binding Operational Directive (Directive or BOD) requiring Federal civilian agencies to remediate such vulnerabilities within prescribed deadlines. BOD 22-01, Reducing the Significant Risks of Known Exploited Vulnerabilities, applies to information systems operated by or for a Federal civilian agency and mandates that:
- Agencies review and update their internal vulnerability management procedures in accordance with the Directive by January 3, 2022;
- Remediate each vulnerability by the deadline set forth in the vulnerability catalog; and
- Report their vulnerability remediation status through CISA’s Continuous Diagnostics and Mitigation Federal Dashboard.
CISA intends to update the catalog with additional vulnerabilities once there is reliable evidence that the vulnerability has been actively exploited and there is a clear remediation action for the vulnerability, such as a vendor-provided update. Companies interested in receiving automatic updates when new vulnerabilities are added to the catalog can subscribe to the catalog update bulletin on CISA’s website.
For now, the Directive applies only to civilian agencies and contractors operating an information system on behalf of a civilian agency. It’s too soon to tell, however, whether the Department of Defense and/or the Intelligence Community will follow with similar actions. Regardless, CISA “strongly recommends” that private businesses voluntarily review the catalog, sign up to receive updates, and remediate the listed vulnerabilities in order to strengthen their cybersecurity defenses.
Contacts
Partner, Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 5 min read | 12.12.25
Eleventh Circuit Hears Argument on False Claims Act Qui Tam Constitutionality
On the morning of December 12, 2025, the Eleventh Circuit heard argument in United States ex rel. Zafirov v. Florida Medical Associates, LLC, et al., No. 24-13581 (11th Cir. 2025). This case concerns the constitutionality of the False Claims Act (FCA) qui tam provisions and a groundbreaking September 2024 opinion in which the United States District Court for the Middle District of Florida held that the FCA’s qui tam provisions were unconstitutional under Article II. See United States ex rel. Zafirov v. Fla. Med. Assocs., LLC, 751 F. Supp. 3d 1293 (M.D. Fla. 2024). That decision, penned by District Judge Kathryn Kimball Mizelle, was the first success story for a legal theory that has been gaining steam ever since Justices Thomas, Barrett, and Kavanaugh indicated they would be willing to consider arguments about the constitutionality of the qui tam provisions in U.S. ex rel. Polansky v. Exec. Health Res., 599 U.S. 419 (2023). In her opinion, Judge Mizelle held (1) qui tam relators are officers of the U.S. who must be appointed under the Appointments Clause; and (2) historical practice treating qui tam and similar relators as less than “officers” for constitutional purposes was not enough to save the qui tam provisions from the fundamental Article II infirmity the court identified. That ruling was appealed and, after full briefing, including by the government and a bevy of amici, the litigants stepped up to the plate this morning for oral argument.
Client Alert | 8 min read | 12.11.25
Director Squires Revamps the Workings of the U.S. Patent Office
Client Alert | 8 min read | 12.10.25
Creativity You Can Use: CJEU Clarifies Copyright for Applied Art
Client Alert | 4 min read | 12.10.25
Federal Court Strikes Down Interior Order Suspending Wind Energy Development
