Skip to content
BLUF (Bottom Line Up Front): On June 10, the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 26-04, Prioritizing Security Updates Based on Risk. It revokes BOD 19-02 and BOD 22-01 and replaces them with something federal cybersecurity practitioners have been requesting for over a decade: permission to patch based on actual risk instead of a severi...