Tag
#BOD 26-04
3 stories taggedBOD 26-04.

Policy & Regulation
CISA orders federal agencies to patch SharePoint flaw by Saturday as attacks begin
A newly exploited Microsoft SharePoint bug lands in CISA's Known Exploited Vulnerabilities Catalog, triggering a three-day patching clock under Binding Operational Directive 26-04.
3 min

Vulnerabilities
CISA Gives Agencies 72 Hours on Ivanti Sentry Bug Under New Emergency Directive
BOD 26-04 sets a sharper clock for actively exploited flaws. First target: an Ivanti Sentry vulnerability already in attackers' hands.
2 min

Policy & Regulation
CISA's New Patching Directive Drops CVSS as the North Star
BOD 26-04 introduces a four-factor framework that prioritizes internet exposure, active exploitation, and attacker automation over raw severity scores — and gives agencies three days to act on the worst cases.
3 min