CISA orders federal agencies to “patch smarter”

The US Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 26-04, ordering federal civilian agencies to adopt a risk-based vulnerability management framework. The directive responds to an unmanageable surge in new vulnerabilities and AI-accelerated exploit development, shifting federal policy from volume-based patching to smarter, prioritized remediation.

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a Binding Operational Directive that will change how the US federal government approaches vulnerability management. The directive arrives as the patching problem has become nearly unmanageable, driven by a surge in newly published vulnerabilities and by AI tools that are accelerating both security research and exploit development on the attacker side.

Towards risk-based vulnerability management

BOD 26-04 introduces a framework that allows federal civilian Executive …

The post CISA orders federal agencies to “patch smarter” (https://www.helpnetsecurity.com/2026/06/11/cisa-risk-based-vulnerability-management-government/) appeared first on Help Net Security (https://www.helpnetsecurity.com).