The new BOD 26-04 requires agencies to review and update vulnerability management policies with a focus on KEV catalog entries.

The post CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk appeared first on SecurityWeek.