The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) leads national efforts to protect and enhance the resilience of the nation’s physical and cyber infrastructure. In addition to publishing a Cybersecurity Framework and other helpful resources, CISA distributes cybersecurity bulletins with information and best practices for businesses, government agencies, and other organizations.
Two bulletins of particular value are the Weekly Vulnerability Summary and the Known Exploited Vulnerabilities (KEV) Catalog. The Weekly Vulnerability Summary consists of new vulnerabilities recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) and includes patch information when available. The KEV Catalog is the authoritative source of vulnerabilities that are actively being exploited in the wild and causing harm based on adversary activity. Both bulletins are useful because they provide a compendium of early warnings and risk inputs that can be used in a vulnerability tracking and mitigation program. In a logical sense, the KEV Catalog is a subset of the Weekly Vulnerability Summary in that it exposes vulnerabilities that are causing immediate harm and have a higher probability of occurrence. Additionally, CISA sends notifications when security updates are available that address the known vulnerabilities being tracked.
CISA connects stakeholders in industry and government with resources that help strengthen individual cyber systems and reduce the likelihood of compromise by known threat actors. Visit www.cisa.gov to browse the publication library, which can be filtered by topic (e.g., cybersecurity, infrastructure security). For tailored and timely notifications, sign up for CISA notifications and select your subscriber preferences. See the following example:
– Lee Felter, MRO Principal Security Engineer