CISA Issues Incident and Vulnerability Response Playbooks>
Info Risk Today – Dan Gunderman
The 43-page document builds on CISA’s Binding Operational Directive 22-01, issued this month, in which federal civilian agencies were required to patch some 200 vulnerabilities known to be exploited in the wild – including short deadlines for urgent common vulnerabilities and exposures, or CVEs, and others requiring mitigation by May 2022 (see: CISA Directs Federal Agencies to Patch Known Vulnerabilities).

CISA’s playbook also addresses requirements laid out in President Joe Biden’s May executive order on cybersecurity – which calls for a widespread technological modernization across the federal government, including efforts to implement multifactor authentication and zero trust architectures (see: Biden’s Cybersecurity Executive Order: 4 Key Takeaways).

Though directed toward federal agencies, CISA said in its statement that it “strongly encourages” private sector partners to review the playbooks.

CISA’s guides include checklists for incident response, incident response preparation, and vulnerability response. They also clearly delineate interagency cybersecurity functions, outline CISA’s role as the main response agency, and urge agencies to readily share information.
Link: https://www.inforisktoday.com/cisa-issues-incident-vulnerability-response-playbooks-a-17944