CISA tells govt agencies to patch critical exploited flaws in 3 days

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced a new Binding Operational Directive, 26-04, that prioritizes security updates for Federal Civilian Executive Branch (FCEB) agencies.

giovedì 11 giugno 2026 New tab

373 words~2 min read

The directive aims to reduce the threat of cyberattacks targeting the public sector by requiring agencies to remediate high-risk vulnerabilities within accelerated timeframes, in some cases as little as three days.

CISA says that BOD 20-04 “supersedes and revokes” the older BOD 19-02 and BOD 22-01, introduced in 2019 and 2021, respectively.

The agency says that prioritizing patching is based on four key considerations:

Whether the asset is publicly exposed online

CISA tells govt agencies to patch critical exploited flaws in 3 days

CISA tells govt agencies to patch critical exploited flaws in 3 days

Other newsrooms on this story

Related reading

CISA Rewrites Federal Patching Requirements for AI Threat Era

CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI…

CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk

New CISA directive will reshape how agencies prioritize cyber risks, official…

CISA directive revamps how agencies prioritize vulnerable systems

US shortens cyber fix window to three days as AI threats rise - The Economic…

Other newsrooms on this story

Related reading

CISA Rewrites Federal Patching Requirements for AI Threat Era

CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI…

CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk

New CISA directive will reshape how agencies prioritize cyber risks, official…

CISA directive revamps how agencies prioritize vulnerable systems

US shortens cyber fix window to three days as AI threats rise - The Economic…