好的,我现在需要帮用户总结这篇文章的内容,控制在100字以内。首先,我得通读整篇文章,抓住主要信息。 文章讲的是美国网络安全和基础设施安全局(CISA)撤销了10项紧急指令,这些指令发布于2019年至2024年。撤销的原因是这些指令要求的行动已经完成,或者现在被《减少已知被利用漏洞的重大风险》的强制性运营指令(BOD 22-01)覆盖了。这是CISA一次性关闭最多紧急指令的情况。 接下来,我需要提取关键点:CISA撤销了10项紧急指令,原因是因为它们已经被新的BOD 22-01覆盖或已完成。BOD 22-01使用已知被利用漏洞目录来提醒联邦机构修补漏洞,并设定了修补时间表。 然后,我需要把这些信息浓缩到100字以内,同时保持语言简洁明了。不需要使用“文章内容总结”之类的开头,直接描述即可。 可能的结构是:CISA撤销了10项紧急指令,因为它们已被新指令取代或完成。新指令BOD 22-01管理已知漏洞,并设定修补时间表。 检查一下是否遗漏了重要信息:撤销的数量、原因、新指令的作用。看起来都涵盖了。 最后,确保语言流畅,没有语法错误。 </think> 美国网络安全机构CISA撤销了10项紧急指令,因其已完成或被新指令取代。新指令BOD 22-01管理已知漏洞并设定修补时间表。 2026-1-9 04:0:31 Author: www.bleepingcomputer.com(查看原文) 阅读量:4 收藏
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has retired 10 Emergency Directives issued between 2019 and 2024, saying that the required actions have been completed or are now covered by Binding Operational Directive 22-01.
CISA said this is the largest number of Emergency Directives it has closed at one time.
"By statute, CISA issues Emergency Directives to rapidly mitigate emerging threats and to minimize the impact by limiting directives to the shortest time possible," explains CISA.
"Following a comprehensive review of all active directives, CISA determined that required actions have been successfully implemented or are now encompassed through Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities. "
Binding Operational Directive 22-01 uses the agency's Known Exploited Vulnerabilities (KEV) catalog to alert federal civilian agencies of actively exploited flaws and when systems must be patched against them.
Emergency Directives are meant to address urgent risks and remain in place only as long as needed.
The complete list of Emergency Directives closed today is:
- ED 19-01: Mitigate DNS Infrastructure Tampering
- ED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday
- ED 20-03: Mitigate Windows DNS Server Vulnerability from July 2020 Patch Tuesday
- ED 20-04: Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday
- ED 21-01: Mitigate SolarWinds Orion Code Compromise
- ED 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities
- ED 21-03: Mitigate Pulse Connect Secure Product Vulnerabilities
- ED 21-04: Mitigate Windows Print Spooler Service Vulnerability
- ED 22-03: Mitigate VMware Vulnerabilities
- ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System
Many of those directives addressed vulnerabilities that were exploited quickly and are now part of CISA's KEV catalog.
Under BOD 22-01, federal civilian agencies are required to patch vulnerabilities listed in the KEV catalog by specific dates set by CISA. By default, agencies have up to six months to fix flaws assigned to CVEs before 2021, with newer flaws fixed within two weeks.
However, CISA can set significantly shorter patching timelines when deemed high risk.
In a recent example, agencies were required to patch Cisco devices affected by the actively exploited CVE-2025-20333 and CVE-2025-20362 vulnerabilities within one day.
Secrets Security Cheat Sheet: From Sprawl to Control
Whether you're cleaning up old keys or setting guardrails for AI-generated code, this guide helps your team build securely from the start.
Get the cheat sheet and take the guesswork out of secrets management.
如有侵权请联系:admin#unsafe.sh