DHS orders government agencies to more swiftly plug critical security vulnerabilities found on their networks within 15 calendar days since the initial detection, a reduction from 30 days. DHS’s Cybersecurity and Infrastructure Security Agency (CISA) issued a new Binding Operational Directive (BOD) 19-02 instructing federal agencies and departments to address “critical” rated vulnerabilities within 15 days and “high” severity flaws within 30 days of initial detection. The countdown to patch a security vulnerability will start when it was initially detected during CISA’s weekly Cyber Hygiene vulnerability scanning, rather than it was the first report to the affected agencies.
Source: https://thehackernews.com/2019/05/dhs-patch-vulnerabilities.html